<!DOCTYPE html>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="generator" content="ApiGen; http://apigen.org" />
	<meta name="robots" content="noindex" />

	<title>Security\Permission.php</title>

	<link rel="stylesheet" href="resources/style.css?v=2011071314" type="text/css" media="all" />
	<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
	<link rel="search" href="opensearch.xml" type="application/opensearchdescription+xml" title="Nette Framework API documentation" />
	<script type="text/javascript" src="resources/combined.js"></script>
	<script type="text/javascript" src="allclasses.js"></script>
</head>

<body>
<div id="left">
	<a href="allclasses.html">All Classes</a>

	<h3>Namespaces</h3>
	<ul>
		<li><a href="namespace-none.html">none</a>
		</li>
		<li><a href="namespace-Nette.html">Nette</a>
		</li>
		<li><a href="namespace-Nette.Application.html">Nette\Application</a>
		</li>
		<li><a href="namespace-Nette.Caching.html">Nette\Caching</a>
		</li>
		<li><a href="namespace-Nette.Collections.html">Nette\Collections</a>
		</li>
		<li><a href="namespace-Nette.Config.html">Nette\Config</a>
		</li>
		<li><a href="namespace-Nette.Forms.html">Nette\Forms</a>
		</li>
		<li><a href="namespace-Nette.IO.html">Nette\IO</a>
		</li>
		<li><a href="namespace-Nette.Loaders.html">Nette\Loaders</a>
		</li>
		<li><a href="namespace-Nette.Mail.html">Nette\Mail</a>
		</li>
		<li><a href="namespace-Nette.Reflection.html">Nette\Reflection</a>
		</li>
		<li class="active"><a href="namespace-Nette.Security.html">Nette\Security</a>
		</li>
		<li><a href="namespace-Nette.Templates.html">Nette\Templates</a>
		</li>
		<li><a href="namespace-Nette.Web.html">Nette\Web</a>
		</li>
		<li><a href="namespace-PHP.html">PHP</a>
		</li>
	</ul>

	<hr />

	<h3>Classes</h3>

	<ul>
		<li><a href="Nette.Security.Identity.html">Identity</a></li>
		<li class="active"><a href="Nette.Security.Permission.html">Permission</a></li>
		<li><a href="Nette.Security.SimpleAuthenticator.html">SimpleAuthenticator</a></li>
	</ul>

	<h3>Interfaces</h3>

	<ul>
		<li><a href="Nette.Security.IAuthenticator.html">IAuthenticator</a></li>
		<li><a href="Nette.Security.IAuthorizator.html">IAuthorizator</a></li>
		<li><a href="Nette.Security.IIdentity.html">IIdentity</a></li>
		<li><a href="Nette.Security.IPermissionAssertion.html">IPermissionAssertion</a></li>
		<li><a href="Nette.Security.IResource.html">IResource</a></li>
		<li><a href="Nette.Security.IRole.html">IRole</a></li>
	</ul>

	<h3>Exceptions</h3>

	<ul>
		<li><a href="Nette.Security.AuthenticationException.html">AuthenticationException</a></li>
	</ul>
</div>

<div id="right">
	<form action="http://www.google.com/cse" id="search" onsubmit="if(this.q.value.indexOf('more:')==-1)this.q.value+=' more:api'">
		<input type="hidden" name="cx" value="011549293477758430224:vxofa9ufnhc" /><input type="hidden" name="ie" value="UTF-8" /><input type="text" name="q" class="text" /><input type="submit" value="Search" />
	</form>

<div id="navigation">
	<ul>
		<li><a href="overview.html" title="Summary of all namespaces">Overview</a></li>
		<li><a href="elements.html">Elements</a></li>
	</ul>
</div>

<pre><code><a href="#1" id="1" class="l">   1: </a><span class="xlang">&lt;?php</span>
<a href="#2" id="2" class="l">   2: </a>
<a href="#3" id="3" class="l">   3: </a><span class="php-comment">/**
</span><a href="#4" id="4" class="l">   4: </a><span class="php-comment"> * This file is part of the Nette Framework (http://nette.org)
</span><a href="#5" id="5" class="l">   5: </a><span class="php-comment"> *
</span><a href="#6" id="6" class="l">   6: </a><span class="php-comment"> * Copyright (c) 2004, 2010 David Grudl (http://davidgrudl.com)
</span><a href="#7" id="7" class="l">   7: </a><span class="php-comment"> *
</span><a href="#8" id="8" class="l">   8: </a><span class="php-comment"> * For the full copyright and license information, please view
</span><a href="#9" id="9" class="l">   9: </a><span class="php-comment"> * the file license.txt that was distributed with this source code.
</span><a href="#10" id="10" class="l">  10: </a><span class="php-comment"> */</span>
<a href="#11" id="11" class="l">  11: </a>
<a href="#12" id="12" class="l">  12: </a><span class="php-keyword1">namespace</span> Nette\Security;
<a href="#13" id="13" class="l">  13: </a>
<a href="#14" id="14" class="l">  14: </a><span class="php-keyword1">use</span> Nette;
<a href="#15" id="15" class="l">  15: </a>
<a href="#16" id="16" class="l">  16: </a>
<a href="#17" id="17" class="l">  17: </a>
<a href="#18" id="18" class="l">  18: </a><span class="php-comment">/**
</span><a href="#19" id="19" class="l">  19: </a><span class="php-comment"> * Access control list (ACL) functionality and privileges management.
</span><a href="#20" id="20" class="l">  20: </a><span class="php-comment"> *
</span><a href="#21" id="21" class="l">  21: </a><span class="php-comment"> * This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (http://www.zend.com), new BSD license
</span><a href="#22" id="22" class="l">  22: </a><span class="php-comment"> *
</span><a href="#23" id="23" class="l">  23: </a><span class="php-comment"> * @copyright  Copyright (c) 2005, 2007 Zend Technologies USA Inc.
</span><a href="#24" id="24" class="l">  24: </a><span class="php-comment"> * @author     David Grudl
</span><a href="#25" id="25" class="l">  25: </a><span class="php-comment"> */</span>
<a href="#26" id="26" class="l">  26: </a><span class="php-keyword1">class</span> Permission <span class="php-keyword1">extends</span> Nette\Object <span class="php-keyword1">implements</span> IAuthorizator
<a href="#27" id="27" class="l">  27: </a>{
<a href="#28" id="28" class="l">  28: </a>    <span class="php-comment">/** @var array  Role storage */</span>
<a href="#29" id="29" class="l">  29: </a>    <span class="php-keyword1">private</span> <span class="php-var">$roles</span> = <span class="php-keyword1">array</span>();
<a href="#30" id="30" class="l">  30: </a>
<a href="#31" id="31" class="l">  31: </a>    <span class="php-comment">/** @var array  Resource storage */</span>
<a href="#32" id="32" class="l">  32: </a>    <span class="php-keyword1">private</span> <span class="php-var">$resources</span> = <span class="php-keyword1">array</span>();
<a href="#33" id="33" class="l">  33: </a>
<a href="#34" id="34" class="l">  34: </a>    <span class="php-comment">/** @var array  Access Control List rules; whitelist (deny everything to all) by default */</span>
<a href="#35" id="35" class="l">  35: </a>    <span class="php-keyword1">private</span> <span class="php-var">$rules</span> = <span class="php-keyword1">array</span>(
<a href="#36" id="36" class="l">  36: </a>        <span class="php-quote">'allResources'</span> =&gt; <span class="php-keyword1">array</span>(
<a href="#37" id="37" class="l">  37: </a>            <span class="php-quote">'allRoles'</span> =&gt; <span class="php-keyword1">array</span>(
<a href="#38" id="38" class="l">  38: </a>                <span class="php-quote">'allPrivileges'</span> =&gt; <span class="php-keyword1">array</span>(
<a href="#39" id="39" class="l">  39: </a>                    <span class="php-quote">'type'</span>   =&gt; self::DENY,
<a href="#40" id="40" class="l">  40: </a>                    <span class="php-quote">'assert'</span> =&gt; <span class="php-keyword1">NULL</span>,
<a href="#41" id="41" class="l">  41: </a>                ),
<a href="#42" id="42" class="l">  42: </a>                <span class="php-quote">'byPrivilege'</span> =&gt; <span class="php-keyword1">array</span>(),
<a href="#43" id="43" class="l">  43: </a>            ),
<a href="#44" id="44" class="l">  44: </a>            <span class="php-quote">'byRole'</span> =&gt; <span class="php-keyword1">array</span>(),
<a href="#45" id="45" class="l">  45: </a>        ),
<a href="#46" id="46" class="l">  46: </a>        <span class="php-quote">'byResource'</span> =&gt; <span class="php-keyword1">array</span>(),
<a href="#47" id="47" class="l">  47: </a>    );
<a href="#48" id="48" class="l">  48: </a>
<a href="#49" id="49" class="l">  49: </a>    <span class="php-comment">/** @var mixed */</span>
<a href="#50" id="50" class="l">  50: </a>    <span class="php-keyword1">private</span> <span class="php-var">$queriedRole</span>, <span class="php-var">$queriedResource</span>;
<a href="#51" id="51" class="l">  51: </a>
<a href="#52" id="52" class="l">  52: </a>
<a href="#53" id="53" class="l">  53: </a>
<a href="#54" id="54" class="l">  54: </a>    <span class="php-comment">/********************* roles ****************d*g**/</span>
<a href="#55" id="55" class="l">  55: </a>
<a href="#56" id="56" class="l">  56: </a>
<a href="#57" id="57" class="l">  57: </a>    <span class="php-comment">/**
</span><a href="#58" id="58" class="l">  58: </a><span class="php-comment">     * Adds a Role to the list.
</span><a href="#59" id="59" class="l">  59: </a><span class="php-comment">     *
</span><a href="#60" id="60" class="l">  60: </a><span class="php-comment">     * The $parents parameter may be a Role identifier (or array of identifiers)
</span><a href="#61" id="61" class="l">  61: </a><span class="php-comment">     * to indicate the Roles from which the newly added Role will directly inherit.
</span><a href="#62" id="62" class="l">  62: </a><span class="php-comment">     *
</span><a href="#63" id="63" class="l">  63: </a><span class="php-comment">     * In order to resolve potential ambiguities with conflicting rules inherited
</span><a href="#64" id="64" class="l">  64: </a><span class="php-comment">     * from different parents, the most recently added parent takes precedence over
</span><a href="#65" id="65" class="l">  65: </a><span class="php-comment">     * parents that were previously added. In other words, the first parent added
</span><a href="#66" id="66" class="l">  66: </a><span class="php-comment">     * will have the least priority, and the last parent added will have the
</span><a href="#67" id="67" class="l">  67: </a><span class="php-comment">     * highest priority.
</span><a href="#68" id="68" class="l">  68: </a><span class="php-comment">     *
</span><a href="#69" id="69" class="l">  69: </a><span class="php-comment">     * @param  string
</span><a href="#70" id="70" class="l">  70: </a><span class="php-comment">     * @param  string|array
</span><a href="#71" id="71" class="l">  71: </a><span class="php-comment">     * @throws \InvalidArgumentException
</span><a href="#72" id="72" class="l">  72: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#73" id="73" class="l">  73: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#74" id="74" class="l">  74: </a><span class="php-comment">     */</span>
<a href="#75" id="75" class="l">  75: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> addRole(<span class="php-var">$role</span>, <span class="php-var">$parents</span> = <span class="php-keyword1">NULL</span>)
<a href="#76" id="76" class="l">  76: </a>    {
<a href="#77" id="77" class="l">  77: </a>        <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$role</span>, <span class="php-keyword1">FALSE</span>);
<a href="#78" id="78" class="l">  78: </a>
<a href="#79" id="79" class="l">  79: </a>        <span class="php-keyword1">if</span> (<span class="php-keyword1">isset</span>(<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>])) {
<a href="#80" id="80" class="l">  80: </a>            <span class="php-keyword1">throw</span> <span class="php-keyword1">new</span> \InvalidStateException(<span class="php-quote">&quot;Role '</span><span class="php-var">$role</span><span class="php-quote">' already exists in the list.&quot;</span>);
<a href="#81" id="81" class="l">  81: </a>        }
<a href="#82" id="82" class="l">  82: </a>
<a href="#83" id="83" class="l">  83: </a>        <span class="php-var">$roleParents</span> = <span class="php-keyword1">array</span>();
<a href="#84" id="84" class="l">  84: </a>
<a href="#85" id="85" class="l">  85: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$parents</span> !== <span class="php-keyword1">NULL</span>) {
<a href="#86" id="86" class="l">  86: </a>            <span class="php-keyword1">if</span> (!<span class="php-keyword2">is_array</span>(<span class="php-var">$parents</span>)) {
<a href="#87" id="87" class="l">  87: </a>                <span class="php-var">$parents</span> = <span class="php-keyword1">array</span>(<span class="php-var">$parents</span>);
<a href="#88" id="88" class="l">  88: </a>            }
<a href="#89" id="89" class="l">  89: </a>
<a href="#90" id="90" class="l">  90: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$parents</span> as <span class="php-var">$parent</span>) {
<a href="#91" id="91" class="l">  91: </a>                <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$parent</span>);
<a href="#92" id="92" class="l">  92: </a>                <span class="php-var">$roleParents</span>[<span class="php-var">$parent</span>] = <span class="php-keyword1">TRUE</span>;
<a href="#93" id="93" class="l">  93: </a>                <span class="php-var">$this</span>-&gt;roles[<span class="php-var">$parent</span>][<span class="php-quote">'children'</span>][<span class="php-var">$role</span>] = <span class="php-keyword1">TRUE</span>;
<a href="#94" id="94" class="l">  94: </a>            }
<a href="#95" id="95" class="l">  95: </a>        }
<a href="#96" id="96" class="l">  96: </a>
<a href="#97" id="97" class="l">  97: </a>        <span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>] = <span class="php-keyword1">array</span>(
<a href="#98" id="98" class="l">  98: </a>            <span class="php-quote">'parents'</span>  =&gt; <span class="php-var">$roleParents</span>,
<a href="#99" id="99" class="l">  99: </a>            <span class="php-quote">'children'</span> =&gt; <span class="php-keyword1">array</span>(),
<a href="#100" id="100" class="l"> 100: </a>        );
<a href="#101" id="101" class="l"> 101: </a>
<a href="#102" id="102" class="l"> 102: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#103" id="103" class="l"> 103: </a>    }
<a href="#104" id="104" class="l"> 104: </a>
<a href="#105" id="105" class="l"> 105: </a>
<a href="#106" id="106" class="l"> 106: </a>
<a href="#107" id="107" class="l"> 107: </a>    <span class="php-comment">/**
</span><a href="#108" id="108" class="l"> 108: </a><span class="php-comment">     * Returns TRUE if the Role exists in the list.
</span><a href="#109" id="109" class="l"> 109: </a><span class="php-comment">     * @param  string
</span><a href="#110" id="110" class="l"> 110: </a><span class="php-comment">     * @return bool
</span><a href="#111" id="111" class="l"> 111: </a><span class="php-comment">     */</span>
<a href="#112" id="112" class="l"> 112: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> hasRole(<span class="php-var">$role</span>)
<a href="#113" id="113" class="l"> 113: </a>    {
<a href="#114" id="114" class="l"> 114: </a>        <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$role</span>, <span class="php-keyword1">FALSE</span>);
<a href="#115" id="115" class="l"> 115: </a>        <span class="php-keyword1">return</span> <span class="php-keyword1">isset</span>(<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>]);
<a href="#116" id="116" class="l"> 116: </a>    }
<a href="#117" id="117" class="l"> 117: </a>
<a href="#118" id="118" class="l"> 118: </a>
<a href="#119" id="119" class="l"> 119: </a>
<a href="#120" id="120" class="l"> 120: </a>    <span class="php-comment">/**
</span><a href="#121" id="121" class="l"> 121: </a><span class="php-comment">     * Checks whether Role is valid and exists in the list.
</span><a href="#122" id="122" class="l"> 122: </a><span class="php-comment">     * @param  string
</span><a href="#123" id="123" class="l"> 123: </a><span class="php-comment">     * @param  bool
</span><a href="#124" id="124" class="l"> 124: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#125" id="125" class="l"> 125: </a><span class="php-comment">     * @return void
</span><a href="#126" id="126" class="l"> 126: </a><span class="php-comment">     */</span>
<a href="#127" id="127" class="l"> 127: </a>    <span class="php-keyword1">private</span> <span class="php-keyword1">function</span> checkRole(<span class="php-var">$role</span>, <span class="php-var">$need</span> = <span class="php-keyword1">TRUE</span>)
<a href="#128" id="128" class="l"> 128: </a>    {
<a href="#129" id="129" class="l"> 129: </a>        <span class="php-keyword1">if</span> (!<span class="php-keyword2">is_string</span>(<span class="php-var">$role</span>) || <span class="php-var">$role</span> === <span class="php-quote">''</span>) {
<a href="#130" id="130" class="l"> 130: </a>            <span class="php-keyword1">throw</span> <span class="php-keyword1">new</span> \InvalidArgumentException(<span class="php-quote">&quot;Role must be a non-empty string.&quot;</span>);
<a href="#131" id="131" class="l"> 131: </a>
<a href="#132" id="132" class="l"> 132: </a>        } <span class="php-keyword1">elseif</span> (<span class="php-var">$need</span> &amp;&amp; !<span class="php-keyword1">isset</span>(<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>])) {
<a href="#133" id="133" class="l"> 133: </a>            <span class="php-keyword1">throw</span> <span class="php-keyword1">new</span> \InvalidStateException(<span class="php-quote">&quot;Role '</span><span class="php-var">$role</span><span class="php-quote">' does not exist.&quot;</span>);
<a href="#134" id="134" class="l"> 134: </a>        }
<a href="#135" id="135" class="l"> 135: </a>    }
<a href="#136" id="136" class="l"> 136: </a>
<a href="#137" id="137" class="l"> 137: </a>
<a href="#138" id="138" class="l"> 138: </a>
<a href="#139" id="139" class="l"> 139: </a>    <span class="php-comment">/**
</span><a href="#140" id="140" class="l"> 140: </a><span class="php-comment">     * Returns an array of an existing Role's parents.
</span><a href="#141" id="141" class="l"> 141: </a><span class="php-comment">     *
</span><a href="#142" id="142" class="l"> 142: </a><span class="php-comment">     * The parent Roles are ordered in this array by ascending priority.
</span><a href="#143" id="143" class="l"> 143: </a><span class="php-comment">     * The highest priority parent Role, last in the array, corresponds with
</span><a href="#144" id="144" class="l"> 144: </a><span class="php-comment">     * the parent Role most recently added.
</span><a href="#145" id="145" class="l"> 145: </a><span class="php-comment">     *
</span><a href="#146" id="146" class="l"> 146: </a><span class="php-comment">     * If the Role does not have any parents, then an empty array is returned.
</span><a href="#147" id="147" class="l"> 147: </a><span class="php-comment">     *
</span><a href="#148" id="148" class="l"> 148: </a><span class="php-comment">     * @param  string
</span><a href="#149" id="149" class="l"> 149: </a><span class="php-comment">     * @return array
</span><a href="#150" id="150" class="l"> 150: </a><span class="php-comment">     */</span>
<a href="#151" id="151" class="l"> 151: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> getRoleParents(<span class="php-var">$role</span>)
<a href="#152" id="152" class="l"> 152: </a>    {
<a href="#153" id="153" class="l"> 153: </a>        <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$role</span>);
<a href="#154" id="154" class="l"> 154: </a>        <span class="php-keyword1">return</span> <span class="php-keyword2">array_keys</span>(<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>][<span class="php-quote">'parents'</span>]);
<a href="#155" id="155" class="l"> 155: </a>    }
<a href="#156" id="156" class="l"> 156: </a>
<a href="#157" id="157" class="l"> 157: </a>
<a href="#158" id="158" class="l"> 158: </a>
<a href="#159" id="159" class="l"> 159: </a>    <span class="php-comment">/**
</span><a href="#160" id="160" class="l"> 160: </a><span class="php-comment">     * Returns TRUE if $role inherits from $inherit.
</span><a href="#161" id="161" class="l"> 161: </a><span class="php-comment">     *
</span><a href="#162" id="162" class="l"> 162: </a><span class="php-comment">     * If $onlyParents is TRUE, then $role must inherit directly from
</span><a href="#163" id="163" class="l"> 163: </a><span class="php-comment">     * $inherit in order to return TRUE. By default, this method looks
</span><a href="#164" id="164" class="l"> 164: </a><span class="php-comment">     * through the entire inheritance DAG to determine whether $role
</span><a href="#165" id="165" class="l"> 165: </a><span class="php-comment">     * inherits from $inherit through its ancestor Roles.
</span><a href="#166" id="166" class="l"> 166: </a><span class="php-comment">     *
</span><a href="#167" id="167" class="l"> 167: </a><span class="php-comment">     * @param  string
</span><a href="#168" id="168" class="l"> 168: </a><span class="php-comment">     * @param  string
</span><a href="#169" id="169" class="l"> 169: </a><span class="php-comment">     * @param  boolean
</span><a href="#170" id="170" class="l"> 170: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#171" id="171" class="l"> 171: </a><span class="php-comment">     * @return bool
</span><a href="#172" id="172" class="l"> 172: </a><span class="php-comment">     */</span>
<a href="#173" id="173" class="l"> 173: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> roleInheritsFrom(<span class="php-var">$role</span>, <span class="php-var">$inherit</span>, <span class="php-var">$onlyParents</span> = <span class="php-keyword1">FALSE</span>)
<a href="#174" id="174" class="l"> 174: </a>    {
<a href="#175" id="175" class="l"> 175: </a>        <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$role</span>);
<a href="#176" id="176" class="l"> 176: </a>        <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$inherit</span>);
<a href="#177" id="177" class="l"> 177: </a>
<a href="#178" id="178" class="l"> 178: </a>        <span class="php-var">$inherits</span> = <span class="php-keyword1">isset</span>(<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>][<span class="php-quote">'parents'</span>][<span class="php-var">$inherit</span>]);
<a href="#179" id="179" class="l"> 179: </a>
<a href="#180" id="180" class="l"> 180: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$inherits</span> || <span class="php-var">$onlyParents</span>) {
<a href="#181" id="181" class="l"> 181: </a>            <span class="php-keyword1">return</span> <span class="php-var">$inherits</span>;
<a href="#182" id="182" class="l"> 182: </a>        }
<a href="#183" id="183" class="l"> 183: </a>
<a href="#184" id="184" class="l"> 184: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>][<span class="php-quote">'parents'</span>] as <span class="php-var">$parent</span> =&gt; <span class="php-var">$foo</span>) {
<a href="#185" id="185" class="l"> 185: </a>            <span class="php-keyword1">if</span> (<span class="php-var">$this</span>-&gt;roleInheritsFrom(<span class="php-var">$parent</span>, <span class="php-var">$inherit</span>)) {
<a href="#186" id="186" class="l"> 186: </a>                <span class="php-keyword1">return</span> <span class="php-keyword1">TRUE</span>;
<a href="#187" id="187" class="l"> 187: </a>            }
<a href="#188" id="188" class="l"> 188: </a>        }
<a href="#189" id="189" class="l"> 189: </a>
<a href="#190" id="190" class="l"> 190: </a>        <span class="php-keyword1">return</span> <span class="php-keyword1">FALSE</span>;
<a href="#191" id="191" class="l"> 191: </a>    }
<a href="#192" id="192" class="l"> 192: </a>
<a href="#193" id="193" class="l"> 193: </a>
<a href="#194" id="194" class="l"> 194: </a>
<a href="#195" id="195" class="l"> 195: </a>    <span class="php-comment">/**
</span><a href="#196" id="196" class="l"> 196: </a><span class="php-comment">     * Removes the Role from the list.
</span><a href="#197" id="197" class="l"> 197: </a><span class="php-comment">     *
</span><a href="#198" id="198" class="l"> 198: </a><span class="php-comment">     * @param  string
</span><a href="#199" id="199" class="l"> 199: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#200" id="200" class="l"> 200: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#201" id="201" class="l"> 201: </a><span class="php-comment">     */</span>
<a href="#202" id="202" class="l"> 202: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> removeRole(<span class="php-var">$role</span>)
<a href="#203" id="203" class="l"> 203: </a>    {
<a href="#204" id="204" class="l"> 204: </a>        <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$role</span>);
<a href="#205" id="205" class="l"> 205: </a>
<a href="#206" id="206" class="l"> 206: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>][<span class="php-quote">'children'</span>] as <span class="php-var">$child</span> =&gt; <span class="php-var">$foo</span>)
<a href="#207" id="207" class="l"> 207: </a>            <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$child</span>][<span class="php-quote">'parents'</span>][<span class="php-var">$role</span>]);
<a href="#208" id="208" class="l"> 208: </a>
<a href="#209" id="209" class="l"> 209: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>][<span class="php-quote">'parents'</span>] as <span class="php-var">$parent</span> =&gt; <span class="php-var">$foo</span>)
<a href="#210" id="210" class="l"> 210: </a>            <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$parent</span>][<span class="php-quote">'children'</span>][<span class="php-var">$role</span>]);
<a href="#211" id="211" class="l"> 211: </a>
<a href="#212" id="212" class="l"> 212: </a>        <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>]);
<a href="#213" id="213" class="l"> 213: </a>
<a href="#214" id="214" class="l"> 214: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'allResources'</span>][<span class="php-quote">'byRole'</span>] as <span class="php-var">$roleCurrent</span> =&gt; <span class="php-var">$rules</span>) {
<a href="#215" id="215" class="l"> 215: </a>            <span class="php-keyword1">if</span> (<span class="php-var">$role</span> === <span class="php-var">$roleCurrent</span>) {
<a href="#216" id="216" class="l"> 216: </a>                <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'allResources'</span>][<span class="php-quote">'byRole'</span>][<span class="php-var">$roleCurrent</span>]);
<a href="#217" id="217" class="l"> 217: </a>            }
<a href="#218" id="218" class="l"> 218: </a>        }
<a href="#219" id="219" class="l"> 219: </a>
<a href="#220" id="220" class="l"> 220: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>] as <span class="php-var">$resourceCurrent</span> =&gt; <span class="php-var">$visitor</span>) {
<a href="#221" id="221" class="l"> 221: </a>            <span class="php-keyword1">if</span> (<span class="php-keyword1">isset</span>(<span class="php-var">$visitor</span>[<span class="php-quote">'byRole'</span>])) {
<a href="#222" id="222" class="l"> 222: </a>                <span class="php-keyword1">foreach</span> (<span class="php-var">$visitor</span>[<span class="php-quote">'byRole'</span>] as <span class="php-var">$roleCurrent</span> =&gt; <span class="php-var">$rules</span>) {
<a href="#223" id="223" class="l"> 223: </a>                    <span class="php-keyword1">if</span> (<span class="php-var">$role</span> === <span class="php-var">$roleCurrent</span>) {
<a href="#224" id="224" class="l"> 224: </a>                        <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>][<span class="php-var">$resourceCurrent</span>][<span class="php-quote">'byRole'</span>][<span class="php-var">$roleCurrent</span>]);
<a href="#225" id="225" class="l"> 225: </a>                    }
<a href="#226" id="226" class="l"> 226: </a>                }
<a href="#227" id="227" class="l"> 227: </a>            }
<a href="#228" id="228" class="l"> 228: </a>        }
<a href="#229" id="229" class="l"> 229: </a>
<a href="#230" id="230" class="l"> 230: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#231" id="231" class="l"> 231: </a>    }
<a href="#232" id="232" class="l"> 232: </a>
<a href="#233" id="233" class="l"> 233: </a>
<a href="#234" id="234" class="l"> 234: </a>
<a href="#235" id="235" class="l"> 235: </a>    <span class="php-comment">/**
</span><a href="#236" id="236" class="l"> 236: </a><span class="php-comment">     * Removes all Roles from the list.
</span><a href="#237" id="237" class="l"> 237: </a><span class="php-comment">     *
</span><a href="#238" id="238" class="l"> 238: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#239" id="239" class="l"> 239: </a><span class="php-comment">     */</span>
<a href="#240" id="240" class="l"> 240: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> removeAllRoles()
<a href="#241" id="241" class="l"> 241: </a>    {
<a href="#242" id="242" class="l"> 242: </a>        <span class="php-var">$this</span>-&gt;roles = <span class="php-keyword1">array</span>();
<a href="#243" id="243" class="l"> 243: </a>
<a href="#244" id="244" class="l"> 244: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'allResources'</span>][<span class="php-quote">'byRole'</span>] as <span class="php-var">$roleCurrent</span> =&gt; <span class="php-var">$rules</span>)
<a href="#245" id="245" class="l"> 245: </a>            <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'allResources'</span>][<span class="php-quote">'byRole'</span>][<span class="php-var">$roleCurrent</span>]);
<a href="#246" id="246" class="l"> 246: </a>
<a href="#247" id="247" class="l"> 247: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>] as <span class="php-var">$resourceCurrent</span> =&gt; <span class="php-var">$visitor</span>) {
<a href="#248" id="248" class="l"> 248: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$visitor</span>[<span class="php-quote">'byRole'</span>] as <span class="php-var">$roleCurrent</span> =&gt; <span class="php-var">$rules</span>) {
<a href="#249" id="249" class="l"> 249: </a>                <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>][<span class="php-var">$resourceCurrent</span>][<span class="php-quote">'byRole'</span>][<span class="php-var">$roleCurrent</span>]);
<a href="#250" id="250" class="l"> 250: </a>            }
<a href="#251" id="251" class="l"> 251: </a>        }
<a href="#252" id="252" class="l"> 252: </a>
<a href="#253" id="253" class="l"> 253: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#254" id="254" class="l"> 254: </a>    }
<a href="#255" id="255" class="l"> 255: </a>
<a href="#256" id="256" class="l"> 256: </a>
<a href="#257" id="257" class="l"> 257: </a>
<a href="#258" id="258" class="l"> 258: </a>    <span class="php-comment">/********************* resources ****************d*g**/</span>
<a href="#259" id="259" class="l"> 259: </a>
<a href="#260" id="260" class="l"> 260: </a>
<a href="#261" id="261" class="l"> 261: </a>
<a href="#262" id="262" class="l"> 262: </a>    <span class="php-comment">/**
</span><a href="#263" id="263" class="l"> 263: </a><span class="php-comment">     * Adds a Resource having an identifier unique to the list.
</span><a href="#264" id="264" class="l"> 264: </a><span class="php-comment">     *
</span><a href="#265" id="265" class="l"> 265: </a><span class="php-comment">     * @param  string
</span><a href="#266" id="266" class="l"> 266: </a><span class="php-comment">     * @param  string
</span><a href="#267" id="267" class="l"> 267: </a><span class="php-comment">     * @throws \InvalidArgumentException
</span><a href="#268" id="268" class="l"> 268: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#269" id="269" class="l"> 269: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#270" id="270" class="l"> 270: </a><span class="php-comment">     */</span>
<a href="#271" id="271" class="l"> 271: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> addResource(<span class="php-var">$resource</span>, <span class="php-var">$parent</span> = <span class="php-keyword1">NULL</span>)
<a href="#272" id="272" class="l"> 272: </a>    {
<a href="#273" id="273" class="l"> 273: </a>        <span class="php-var">$this</span>-&gt;checkResource(<span class="php-var">$resource</span>, <span class="php-keyword1">FALSE</span>);
<a href="#274" id="274" class="l"> 274: </a>
<a href="#275" id="275" class="l"> 275: </a>        <span class="php-keyword1">if</span> (<span class="php-keyword1">isset</span>(<span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>])) {
<a href="#276" id="276" class="l"> 276: </a>            <span class="php-keyword1">throw</span> <span class="php-keyword1">new</span> \InvalidStateException(<span class="php-quote">&quot;Resource '</span><span class="php-var">$resource</span><span class="php-quote">' already exists in the list.&quot;</span>);
<a href="#277" id="277" class="l"> 277: </a>        }
<a href="#278" id="278" class="l"> 278: </a>
<a href="#279" id="279" class="l"> 279: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$parent</span> !== <span class="php-keyword1">NULL</span>) {
<a href="#280" id="280" class="l"> 280: </a>            <span class="php-var">$this</span>-&gt;checkResource(<span class="php-var">$parent</span>);
<a href="#281" id="281" class="l"> 281: </a>            <span class="php-var">$this</span>-&gt;resources[<span class="php-var">$parent</span>][<span class="php-quote">'children'</span>][<span class="php-var">$resource</span>] = <span class="php-keyword1">TRUE</span>;
<a href="#282" id="282" class="l"> 282: </a>        }
<a href="#283" id="283" class="l"> 283: </a>
<a href="#284" id="284" class="l"> 284: </a>        <span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>] = <span class="php-keyword1">array</span>(
<a href="#285" id="285" class="l"> 285: </a>            <span class="php-quote">'parent'</span>   =&gt; <span class="php-var">$parent</span>,
<a href="#286" id="286" class="l"> 286: </a>            <span class="php-quote">'children'</span> =&gt; <span class="php-keyword1">array</span>()
<a href="#287" id="287" class="l"> 287: </a>        );
<a href="#288" id="288" class="l"> 288: </a>
<a href="#289" id="289" class="l"> 289: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#290" id="290" class="l"> 290: </a>    }
<a href="#291" id="291" class="l"> 291: </a>
<a href="#292" id="292" class="l"> 292: </a>
<a href="#293" id="293" class="l"> 293: </a>
<a href="#294" id="294" class="l"> 294: </a>    <span class="php-comment">/**
</span><a href="#295" id="295" class="l"> 295: </a><span class="php-comment">     * Returns TRUE if the Resource exists in the list.
</span><a href="#296" id="296" class="l"> 296: </a><span class="php-comment">     * @param  string
</span><a href="#297" id="297" class="l"> 297: </a><span class="php-comment">     * @return bool
</span><a href="#298" id="298" class="l"> 298: </a><span class="php-comment">     */</span>
<a href="#299" id="299" class="l"> 299: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> hasResource(<span class="php-var">$resource</span>)
<a href="#300" id="300" class="l"> 300: </a>    {
<a href="#301" id="301" class="l"> 301: </a>        <span class="php-var">$this</span>-&gt;checkResource(<span class="php-var">$resource</span>, <span class="php-keyword1">FALSE</span>);
<a href="#302" id="302" class="l"> 302: </a>        <span class="php-keyword1">return</span> <span class="php-keyword1">isset</span>(<span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>]);
<a href="#303" id="303" class="l"> 303: </a>    }
<a href="#304" id="304" class="l"> 304: </a>
<a href="#305" id="305" class="l"> 305: </a>
<a href="#306" id="306" class="l"> 306: </a>
<a href="#307" id="307" class="l"> 307: </a>    <span class="php-comment">/**
</span><a href="#308" id="308" class="l"> 308: </a><span class="php-comment">     * Checks whether Resource is valid and exists in the list.
</span><a href="#309" id="309" class="l"> 309: </a><span class="php-comment">     * @param  string
</span><a href="#310" id="310" class="l"> 310: </a><span class="php-comment">     * @param  bool
</span><a href="#311" id="311" class="l"> 311: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#312" id="312" class="l"> 312: </a><span class="php-comment">     * @return void
</span><a href="#313" id="313" class="l"> 313: </a><span class="php-comment">     */</span>
<a href="#314" id="314" class="l"> 314: </a>    <span class="php-keyword1">private</span> <span class="php-keyword1">function</span> checkResource(<span class="php-var">$resource</span>, <span class="php-var">$need</span> = <span class="php-keyword1">TRUE</span>)
<a href="#315" id="315" class="l"> 315: </a>    {
<a href="#316" id="316" class="l"> 316: </a>        <span class="php-keyword1">if</span> (!<span class="php-keyword2">is_string</span>(<span class="php-var">$resource</span>) || <span class="php-var">$resource</span> === <span class="php-quote">''</span>) {
<a href="#317" id="317" class="l"> 317: </a>            <span class="php-keyword1">throw</span> <span class="php-keyword1">new</span> \InvalidArgumentException(<span class="php-quote">&quot;Resource must be a non-empty string.&quot;</span>);
<a href="#318" id="318" class="l"> 318: </a>
<a href="#319" id="319" class="l"> 319: </a>        } <span class="php-keyword1">elseif</span> (<span class="php-var">$need</span> &amp;&amp; !<span class="php-keyword1">isset</span>(<span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>])) {
<a href="#320" id="320" class="l"> 320: </a>            <span class="php-keyword1">throw</span> <span class="php-keyword1">new</span> \InvalidStateException(<span class="php-quote">&quot;Resource '</span><span class="php-var">$resource</span><span class="php-quote">' does not exist.&quot;</span>);
<a href="#321" id="321" class="l"> 321: </a>        }
<a href="#322" id="322" class="l"> 322: </a>    }
<a href="#323" id="323" class="l"> 323: </a>
<a href="#324" id="324" class="l"> 324: </a>
<a href="#325" id="325" class="l"> 325: </a>
<a href="#326" id="326" class="l"> 326: </a>    <span class="php-comment">/**
</span><a href="#327" id="327" class="l"> 327: </a><span class="php-comment">     * Returns TRUE if $resource inherits from $inherit.
</span><a href="#328" id="328" class="l"> 328: </a><span class="php-comment">     *
</span><a href="#329" id="329" class="l"> 329: </a><span class="php-comment">     * If $onlyParents is TRUE, then $resource must inherit directly from
</span><a href="#330" id="330" class="l"> 330: </a><span class="php-comment">     * $inherit in order to return TRUE. By default, this method looks
</span><a href="#331" id="331" class="l"> 331: </a><span class="php-comment">     * through the entire inheritance tree to determine whether $resource
</span><a href="#332" id="332" class="l"> 332: </a><span class="php-comment">     * inherits from $inherit through its ancestor Resources.
</span><a href="#333" id="333" class="l"> 333: </a><span class="php-comment">     *
</span><a href="#334" id="334" class="l"> 334: </a><span class="php-comment">     * @param  string
</span><a href="#335" id="335" class="l"> 335: </a><span class="php-comment">     * @param  string
</span><a href="#336" id="336" class="l"> 336: </a><span class="php-comment">     * @param  boolean
</span><a href="#337" id="337" class="l"> 337: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#338" id="338" class="l"> 338: </a><span class="php-comment">     * @return bool
</span><a href="#339" id="339" class="l"> 339: </a><span class="php-comment">     */</span>
<a href="#340" id="340" class="l"> 340: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> resourceInheritsFrom(<span class="php-var">$resource</span>, <span class="php-var">$inherit</span>, <span class="php-var">$onlyParent</span> = <span class="php-keyword1">FALSE</span>)
<a href="#341" id="341" class="l"> 341: </a>    {
<a href="#342" id="342" class="l"> 342: </a>        <span class="php-var">$this</span>-&gt;checkResource(<span class="php-var">$resource</span>);
<a href="#343" id="343" class="l"> 343: </a>        <span class="php-var">$this</span>-&gt;checkResource(<span class="php-var">$inherit</span>);
<a href="#344" id="344" class="l"> 344: </a>
<a href="#345" id="345" class="l"> 345: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>][<span class="php-quote">'parent'</span>] === <span class="php-keyword1">NULL</span>) {
<a href="#346" id="346" class="l"> 346: </a>            <span class="php-keyword1">return</span> <span class="php-keyword1">FALSE</span>;
<a href="#347" id="347" class="l"> 347: </a>        }
<a href="#348" id="348" class="l"> 348: </a>
<a href="#349" id="349" class="l"> 349: </a>        <span class="php-var">$parent</span> = <span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>][<span class="php-quote">'parent'</span>];
<a href="#350" id="350" class="l"> 350: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$inherit</span> === <span class="php-var">$parent</span>) {
<a href="#351" id="351" class="l"> 351: </a>            <span class="php-keyword1">return</span> <span class="php-keyword1">TRUE</span>;
<a href="#352" id="352" class="l"> 352: </a>
<a href="#353" id="353" class="l"> 353: </a>        } <span class="php-keyword1">elseif</span> (<span class="php-var">$onlyParent</span>) {
<a href="#354" id="354" class="l"> 354: </a>            <span class="php-keyword1">return</span> <span class="php-keyword1">FALSE</span>;
<a href="#355" id="355" class="l"> 355: </a>        }
<a href="#356" id="356" class="l"> 356: </a>
<a href="#357" id="357" class="l"> 357: </a>        <span class="php-keyword1">while</span> (<span class="php-var">$this</span>-&gt;resources[<span class="php-var">$parent</span>][<span class="php-quote">'parent'</span>] !== <span class="php-keyword1">NULL</span>) {
<a href="#358" id="358" class="l"> 358: </a>            <span class="php-var">$parent</span> = <span class="php-var">$this</span>-&gt;resources[<span class="php-var">$parent</span>][<span class="php-quote">'parent'</span>];
<a href="#359" id="359" class="l"> 359: </a>            <span class="php-keyword1">if</span> (<span class="php-var">$inherit</span> === <span class="php-var">$parent</span>) {
<a href="#360" id="360" class="l"> 360: </a>                <span class="php-keyword1">return</span> <span class="php-keyword1">TRUE</span>;
<a href="#361" id="361" class="l"> 361: </a>            }
<a href="#362" id="362" class="l"> 362: </a>        }
<a href="#363" id="363" class="l"> 363: </a>
<a href="#364" id="364" class="l"> 364: </a>        <span class="php-keyword1">return</span> <span class="php-keyword1">FALSE</span>;
<a href="#365" id="365" class="l"> 365: </a>    }
<a href="#366" id="366" class="l"> 366: </a>
<a href="#367" id="367" class="l"> 367: </a>
<a href="#368" id="368" class="l"> 368: </a>
<a href="#369" id="369" class="l"> 369: </a>    <span class="php-comment">/**
</span><a href="#370" id="370" class="l"> 370: </a><span class="php-comment">     * Removes a Resource and all of its children.
</span><a href="#371" id="371" class="l"> 371: </a><span class="php-comment">     *
</span><a href="#372" id="372" class="l"> 372: </a><span class="php-comment">     * @param  string
</span><a href="#373" id="373" class="l"> 373: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#374" id="374" class="l"> 374: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#375" id="375" class="l"> 375: </a><span class="php-comment">     */</span>
<a href="#376" id="376" class="l"> 376: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> removeResource(<span class="php-var">$resource</span>)
<a href="#377" id="377" class="l"> 377: </a>    {
<a href="#378" id="378" class="l"> 378: </a>        <span class="php-var">$this</span>-&gt;checkResource(<span class="php-var">$resource</span>);
<a href="#379" id="379" class="l"> 379: </a>
<a href="#380" id="380" class="l"> 380: </a>        <span class="php-var">$parent</span> = <span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>][<span class="php-quote">'parent'</span>];
<a href="#381" id="381" class="l"> 381: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$parent</span> !== <span class="php-keyword1">NULL</span>) {
<a href="#382" id="382" class="l"> 382: </a>            <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;resources[<span class="php-var">$parent</span>][<span class="php-quote">'children'</span>][<span class="php-var">$resource</span>]);
<a href="#383" id="383" class="l"> 383: </a>        }
<a href="#384" id="384" class="l"> 384: </a>
<a href="#385" id="385" class="l"> 385: </a>        <span class="php-var">$removed</span> = <span class="php-keyword1">array</span>(<span class="php-var">$resource</span>);
<a href="#386" id="386" class="l"> 386: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>][<span class="php-quote">'children'</span>] as <span class="php-var">$child</span> =&gt; <span class="php-var">$foo</span>) {
<a href="#387" id="387" class="l"> 387: </a>            <span class="php-var">$this</span>-&gt;removeResource(<span class="php-var">$child</span>);
<a href="#388" id="388" class="l"> 388: </a>            <span class="php-var">$removed</span>[] = <span class="php-var">$child</span>;
<a href="#389" id="389" class="l"> 389: </a>        }
<a href="#390" id="390" class="l"> 390: </a>
<a href="#391" id="391" class="l"> 391: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$removed</span> as <span class="php-var">$resourceRemoved</span>) {
<a href="#392" id="392" class="l"> 392: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>] as <span class="php-var">$resourceCurrent</span> =&gt; <span class="php-var">$rules</span>) {
<a href="#393" id="393" class="l"> 393: </a>                <span class="php-keyword1">if</span> (<span class="php-var">$resourceRemoved</span> === <span class="php-var">$resourceCurrent</span>) {
<a href="#394" id="394" class="l"> 394: </a>                    <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>][<span class="php-var">$resourceCurrent</span>]);
<a href="#395" id="395" class="l"> 395: </a>                }
<a href="#396" id="396" class="l"> 396: </a>            }
<a href="#397" id="397" class="l"> 397: </a>        }
<a href="#398" id="398" class="l"> 398: </a>
<a href="#399" id="399" class="l"> 399: </a>        <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>]);
<a href="#400" id="400" class="l"> 400: </a>
<a href="#401" id="401" class="l"> 401: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#402" id="402" class="l"> 402: </a>    }
<a href="#403" id="403" class="l"> 403: </a>
<a href="#404" id="404" class="l"> 404: </a>
<a href="#405" id="405" class="l"> 405: </a>
<a href="#406" id="406" class="l"> 406: </a>    <span class="php-comment">/**
</span><a href="#407" id="407" class="l"> 407: </a><span class="php-comment">     * Removes all Resources.
</span><a href="#408" id="408" class="l"> 408: </a><span class="php-comment">     *
</span><a href="#409" id="409" class="l"> 409: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#410" id="410" class="l"> 410: </a><span class="php-comment">     */</span>
<a href="#411" id="411" class="l"> 411: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> removeAllResources()
<a href="#412" id="412" class="l"> 412: </a>    {
<a href="#413" id="413" class="l"> 413: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;resources as <span class="php-var">$resource</span> =&gt; <span class="php-var">$foo</span>) {
<a href="#414" id="414" class="l"> 414: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>] as <span class="php-var">$resourceCurrent</span> =&gt; <span class="php-var">$rules</span>) {
<a href="#415" id="415" class="l"> 415: </a>                <span class="php-keyword1">if</span> (<span class="php-var">$resource</span> === <span class="php-var">$resourceCurrent</span>) {
<a href="#416" id="416" class="l"> 416: </a>                    <span class="php-keyword1">unset</span>(<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>][<span class="php-var">$resourceCurrent</span>]);
<a href="#417" id="417" class="l"> 417: </a>                }
<a href="#418" id="418" class="l"> 418: </a>            }
<a href="#419" id="419" class="l"> 419: </a>        }
<a href="#420" id="420" class="l"> 420: </a>
<a href="#421" id="421" class="l"> 421: </a>        <span class="php-var">$this</span>-&gt;resources = <span class="php-keyword1">array</span>();
<a href="#422" id="422" class="l"> 422: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#423" id="423" class="l"> 423: </a>    }
<a href="#424" id="424" class="l"> 424: </a>
<a href="#425" id="425" class="l"> 425: </a>
<a href="#426" id="426" class="l"> 426: </a>
<a href="#427" id="427" class="l"> 427: </a>    <span class="php-comment">/********************* defining rules ****************d*g**/</span>
<a href="#428" id="428" class="l"> 428: </a>
<a href="#429" id="429" class="l"> 429: </a>
<a href="#430" id="430" class="l"> 430: </a>
<a href="#431" id="431" class="l"> 431: </a>    <span class="php-comment">/**
</span><a href="#432" id="432" class="l"> 432: </a><span class="php-comment">     * Adds an &quot;allow&quot; rule to the list. A rule is added that would allow one
</span><a href="#433" id="433" class="l"> 433: </a><span class="php-comment">     * or more Roles access to [certain $privileges upon] the specified Resource(s).
</span><a href="#434" id="434" class="l"> 434: </a><span class="php-comment">     *
</span><a href="#435" id="435" class="l"> 435: </a><span class="php-comment">     * If either $roles or $resources is Permission::ALL, then the rule applies to all Roles or all Resources,
</span><a href="#436" id="436" class="l"> 436: </a><span class="php-comment">     * respectively. Both may be Permission::ALL in order to work with the default rule of the ACL.
</span><a href="#437" id="437" class="l"> 437: </a><span class="php-comment">     *
</span><a href="#438" id="438" class="l"> 438: </a><span class="php-comment">     * The $privileges parameter may be used to further specify that the rule applies only
</span><a href="#439" id="439" class="l"> 439: </a><span class="php-comment">     * to certain privileges upon the Resource(s) in question. This may be specified to be a single
</span><a href="#440" id="440" class="l"> 440: </a><span class="php-comment">     * privilege with a string, and multiple privileges may be specified as an array of strings.
</span><a href="#441" id="441" class="l"> 441: </a><span class="php-comment">     *
</span><a href="#442" id="442" class="l"> 442: </a><span class="php-comment">     * If $assertion is provided, then its assert() method must return TRUE in order for
</span><a href="#443" id="443" class="l"> 443: </a><span class="php-comment">     * the rule to apply. If $assertion is provided with $roles, $resources, and $privileges all
</span><a href="#444" id="444" class="l"> 444: </a><span class="php-comment">     * equal to NULL, then a rule will imply a type of DENY when the rule's assertion fails.
</span><a href="#445" id="445" class="l"> 445: </a><span class="php-comment">     *
</span><a href="#446" id="446" class="l"> 446: </a><span class="php-comment">     * @param  string|array|Permission::ALL  roles
</span><a href="#447" id="447" class="l"> 447: </a><span class="php-comment">     * @param  string|array|Permission::ALL  resources
</span><a href="#448" id="448" class="l"> 448: </a><span class="php-comment">     * @param  string|array|Permission::ALL  privileges
</span><a href="#449" id="449" class="l"> 449: </a><span class="php-comment">     * @param  IPermissionAssertion  assertion
</span><a href="#450" id="450" class="l"> 450: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#451" id="451" class="l"> 451: </a><span class="php-comment">     */</span>
<a href="#452" id="452" class="l"> 452: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> allow(<span class="php-var">$roles</span> = self::ALL, <span class="php-var">$resources</span> = self::ALL, <span class="php-var">$privileges</span> = self::ALL, IPermissionAssertion <span class="php-var">$assertion</span> = <span class="php-keyword1">NULL</span>)
<a href="#453" id="453" class="l"> 453: </a>    {
<a href="#454" id="454" class="l"> 454: </a>        <span class="php-var">$this</span>-&gt;setRule(<span class="php-keyword1">TRUE</span>, self::ALLOW, <span class="php-var">$roles</span>, <span class="php-var">$resources</span>, <span class="php-var">$privileges</span>, <span class="php-var">$assertion</span>);
<a href="#455" id="455" class="l"> 455: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#456" id="456" class="l"> 456: </a>    }
<a href="#457" id="457" class="l"> 457: </a>
<a href="#458" id="458" class="l"> 458: </a>
<a href="#459" id="459" class="l"> 459: </a>
<a href="#460" id="460" class="l"> 460: </a>    <span class="php-comment">/**
</span><a href="#461" id="461" class="l"> 461: </a><span class="php-comment">     * Adds a &quot;deny&quot; rule to the list. A rule is added that would deny one
</span><a href="#462" id="462" class="l"> 462: </a><span class="php-comment">     * or more Roles access to [certain $privileges upon] the specified Resource(s).
</span><a href="#463" id="463" class="l"> 463: </a><span class="php-comment">     *
</span><a href="#464" id="464" class="l"> 464: </a><span class="php-comment">     * If either $roles or $resources is Permission::ALL, then the rule applies to all Roles or all Resources,
</span><a href="#465" id="465" class="l"> 465: </a><span class="php-comment">     * respectively. Both may be Permission::ALL in order to work with the default rule of the ACL.
</span><a href="#466" id="466" class="l"> 466: </a><span class="php-comment">     *
</span><a href="#467" id="467" class="l"> 467: </a><span class="php-comment">     * The $privileges parameter may be used to further specify that the rule applies only
</span><a href="#468" id="468" class="l"> 468: </a><span class="php-comment">     * to certain privileges upon the Resource(s) in question. This may be specified to be a single
</span><a href="#469" id="469" class="l"> 469: </a><span class="php-comment">     * privilege with a string, and multiple privileges may be specified as an array of strings.
</span><a href="#470" id="470" class="l"> 470: </a><span class="php-comment">     *
</span><a href="#471" id="471" class="l"> 471: </a><span class="php-comment">     * If $assertion is provided, then its assert() method must return TRUE in order for
</span><a href="#472" id="472" class="l"> 472: </a><span class="php-comment">     * the rule to apply. If $assertion is provided with $roles, $resources, and $privileges all
</span><a href="#473" id="473" class="l"> 473: </a><span class="php-comment">     * equal to NULL, then a rule will imply a type of ALLOW when the rule's assertion fails.
</span><a href="#474" id="474" class="l"> 474: </a><span class="php-comment">     *
</span><a href="#475" id="475" class="l"> 475: </a><span class="php-comment">     * @param  string|array|Permission::ALL  roles
</span><a href="#476" id="476" class="l"> 476: </a><span class="php-comment">     * @param  string|array|Permission::ALL  resources
</span><a href="#477" id="477" class="l"> 477: </a><span class="php-comment">     * @param  string|array|Permission::ALL  privileges
</span><a href="#478" id="478" class="l"> 478: </a><span class="php-comment">     * @param  IPermissionAssertion  assertion
</span><a href="#479" id="479" class="l"> 479: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#480" id="480" class="l"> 480: </a><span class="php-comment">     */</span>
<a href="#481" id="481" class="l"> 481: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> deny(<span class="php-var">$roles</span> = self::ALL, <span class="php-var">$resources</span> = self::ALL, <span class="php-var">$privileges</span> = self::ALL, IPermissionAssertion <span class="php-var">$assertion</span> = <span class="php-keyword1">NULL</span>)
<a href="#482" id="482" class="l"> 482: </a>    {
<a href="#483" id="483" class="l"> 483: </a>        <span class="php-var">$this</span>-&gt;setRule(<span class="php-keyword1">TRUE</span>, self::DENY, <span class="php-var">$roles</span>, <span class="php-var">$resources</span>, <span class="php-var">$privileges</span>, <span class="php-var">$assertion</span>);
<a href="#484" id="484" class="l"> 484: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#485" id="485" class="l"> 485: </a>    }
<a href="#486" id="486" class="l"> 486: </a>
<a href="#487" id="487" class="l"> 487: </a>
<a href="#488" id="488" class="l"> 488: </a>
<a href="#489" id="489" class="l"> 489: </a>    <span class="php-comment">/**
</span><a href="#490" id="490" class="l"> 490: </a><span class="php-comment">     * Removes &quot;allow&quot; permissions from the list. The rule is removed only in the context
</span><a href="#491" id="491" class="l"> 491: </a><span class="php-comment">     * of the given Roles, Resources, and privileges. Existing rules to which the remove
</span><a href="#492" id="492" class="l"> 492: </a><span class="php-comment">     * operation does not apply would remain in the
</span><a href="#493" id="493" class="l"> 493: </a><span class="php-comment">     *
</span><a href="#494" id="494" class="l"> 494: </a><span class="php-comment">     * @param  string|array|Permission::ALL  roles
</span><a href="#495" id="495" class="l"> 495: </a><span class="php-comment">     * @param  string|array|Permission::ALL  resources
</span><a href="#496" id="496" class="l"> 496: </a><span class="php-comment">     * @param  string|array|Permission::ALL  privileges
</span><a href="#497" id="497" class="l"> 497: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#498" id="498" class="l"> 498: </a><span class="php-comment">     */</span>
<a href="#499" id="499" class="l"> 499: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> removeAllow(<span class="php-var">$roles</span> = self::ALL, <span class="php-var">$resources</span> = self::ALL, <span class="php-var">$privileges</span> = self::ALL)
<a href="#500" id="500" class="l"> 500: </a>    {
<a href="#501" id="501" class="l"> 501: </a>        <span class="php-var">$this</span>-&gt;setRule(<span class="php-keyword1">FALSE</span>, self::ALLOW, <span class="php-var">$roles</span>, <span class="php-var">$resources</span>, <span class="php-var">$privileges</span>);
<a href="#502" id="502" class="l"> 502: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#503" id="503" class="l"> 503: </a>    }
<a href="#504" id="504" class="l"> 504: </a>
<a href="#505" id="505" class="l"> 505: </a>
<a href="#506" id="506" class="l"> 506: </a>
<a href="#507" id="507" class="l"> 507: </a>    <span class="php-comment">/**
</span><a href="#508" id="508" class="l"> 508: </a><span class="php-comment">     * Removes &quot;deny&quot; restrictions from the list. The rule is removed only in the context
</span><a href="#509" id="509" class="l"> 509: </a><span class="php-comment">     * of the given Roles, Resources, and privileges. Existing rules to which the remove
</span><a href="#510" id="510" class="l"> 510: </a><span class="php-comment">     * operation does not apply would remain in the
</span><a href="#511" id="511" class="l"> 511: </a><span class="php-comment">     *
</span><a href="#512" id="512" class="l"> 512: </a><span class="php-comment">     * @param  string|array|Permission::ALL  roles
</span><a href="#513" id="513" class="l"> 513: </a><span class="php-comment">     * @param  string|array|Permission::ALL  resources
</span><a href="#514" id="514" class="l"> 514: </a><span class="php-comment">     * @param  string|array|Permission::ALL  privileges
</span><a href="#515" id="515" class="l"> 515: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#516" id="516" class="l"> 516: </a><span class="php-comment">     */</span>
<a href="#517" id="517" class="l"> 517: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> removeDeny(<span class="php-var">$roles</span> = self::ALL, <span class="php-var">$resources</span> = self::ALL, <span class="php-var">$privileges</span> = self::ALL)
<a href="#518" id="518" class="l"> 518: </a>    {
<a href="#519" id="519" class="l"> 519: </a>        <span class="php-var">$this</span>-&gt;setRule(<span class="php-keyword1">FALSE</span>, self::DENY, <span class="php-var">$roles</span>, <span class="php-var">$resources</span>, <span class="php-var">$privileges</span>);
<a href="#520" id="520" class="l"> 520: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#521" id="521" class="l"> 521: </a>    }
<a href="#522" id="522" class="l"> 522: </a>
<a href="#523" id="523" class="l"> 523: </a>
<a href="#524" id="524" class="l"> 524: </a>
<a href="#525" id="525" class="l"> 525: </a>    <span class="php-comment">/**
</span><a href="#526" id="526" class="l"> 526: </a><span class="php-comment">     * Performs operations on Access Control List rules.
</span><a href="#527" id="527" class="l"> 527: </a><span class="php-comment">     *
</span><a href="#528" id="528" class="l"> 528: </a><span class="php-comment">     * @param  bool  operation add?
</span><a href="#529" id="529" class="l"> 529: </a><span class="php-comment">     * @param  bool  type
</span><a href="#530" id="530" class="l"> 530: </a><span class="php-comment">     * @param  string|array|Permission::ALL  roles
</span><a href="#531" id="531" class="l"> 531: </a><span class="php-comment">     * @param  string|array|Permission::ALL  resources
</span><a href="#532" id="532" class="l"> 532: </a><span class="php-comment">     * @param  string|array|Permission::ALL  privileges
</span><a href="#533" id="533" class="l"> 533: </a><span class="php-comment">     * @param  IPermissionAssertion assertion
</span><a href="#534" id="534" class="l"> 534: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#535" id="535" class="l"> 535: </a><span class="php-comment">     * @return Permission  provides a fluent interface
</span><a href="#536" id="536" class="l"> 536: </a><span class="php-comment">     */</span>
<a href="#537" id="537" class="l"> 537: </a>    <span class="php-keyword1">protected</span> <span class="php-keyword1">function</span> setRule(<span class="php-var">$toAdd</span>, <span class="php-var">$type</span>, <span class="php-var">$roles</span>, <span class="php-var">$resources</span>, <span class="php-var">$privileges</span>, IPermissionAssertion <span class="php-var">$assertion</span> = <span class="php-keyword1">NULL</span>)
<a href="#538" id="538" class="l"> 538: </a>    {
<a href="#539" id="539" class="l"> 539: </a>        <span class="php-comment">// ensure that all specified Roles exist; normalize input to array of Roles or NULL
</span><a href="#540" id="540" class="l"> 540: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$roles</span> === self::ALL) {
<a href="#541" id="541" class="l"> 541: </a>            <span class="php-var">$roles</span> = <span class="php-keyword1">array</span>(self::ALL);
<a href="#542" id="542" class="l"> 542: </a>
<a href="#543" id="543" class="l"> 543: </a>        } <span class="php-keyword1">else</span> {
<a href="#544" id="544" class="l"> 544: </a>            <span class="php-keyword1">if</span> (!<span class="php-keyword2">is_array</span>(<span class="php-var">$roles</span>)) {
<a href="#545" id="545" class="l"> 545: </a>                <span class="php-var">$roles</span> = <span class="php-keyword1">array</span>(<span class="php-var">$roles</span>);
<a href="#546" id="546" class="l"> 546: </a>            }
<a href="#547" id="547" class="l"> 547: </a>
<a href="#548" id="548" class="l"> 548: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$roles</span> as <span class="php-var">$role</span>) {
<a href="#549" id="549" class="l"> 549: </a>                <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$role</span>);
<a href="#550" id="550" class="l"> 550: </a>            }
<a href="#551" id="551" class="l"> 551: </a>        }
<a href="#552" id="552" class="l"> 552: </a>
<a href="#553" id="553" class="l"> 553: </a>        <span class="php-comment">// ensure that all specified Resources exist; normalize input to array of Resources or NULL
</span><a href="#554" id="554" class="l"> 554: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$resources</span> === self::ALL) {
<a href="#555" id="555" class="l"> 555: </a>            <span class="php-var">$resources</span> = <span class="php-keyword1">array</span>(self::ALL);
<a href="#556" id="556" class="l"> 556: </a>
<a href="#557" id="557" class="l"> 557: </a>        } <span class="php-keyword1">else</span> {
<a href="#558" id="558" class="l"> 558: </a>            <span class="php-keyword1">if</span> (!<span class="php-keyword2">is_array</span>(<span class="php-var">$resources</span>)) {
<a href="#559" id="559" class="l"> 559: </a>                <span class="php-var">$resources</span> = <span class="php-keyword1">array</span>(<span class="php-var">$resources</span>);
<a href="#560" id="560" class="l"> 560: </a>            }
<a href="#561" id="561" class="l"> 561: </a>
<a href="#562" id="562" class="l"> 562: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$resources</span> as <span class="php-var">$resource</span>) {
<a href="#563" id="563" class="l"> 563: </a>                <span class="php-var">$this</span>-&gt;checkResource(<span class="php-var">$resource</span>);
<a href="#564" id="564" class="l"> 564: </a>            }
<a href="#565" id="565" class="l"> 565: </a>        }
<a href="#566" id="566" class="l"> 566: </a>
<a href="#567" id="567" class="l"> 567: </a>        <span class="php-comment">// normalize privileges to array
</span><a href="#568" id="568" class="l"> 568: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$privileges</span> === self::ALL) {
<a href="#569" id="569" class="l"> 569: </a>            <span class="php-var">$privileges</span> = <span class="php-keyword1">array</span>();
<a href="#570" id="570" class="l"> 570: </a>
<a href="#571" id="571" class="l"> 571: </a>        } <span class="php-keyword1">elseif</span> (!<span class="php-keyword2">is_array</span>(<span class="php-var">$privileges</span>)) {
<a href="#572" id="572" class="l"> 572: </a>            <span class="php-var">$privileges</span> = <span class="php-keyword1">array</span>(<span class="php-var">$privileges</span>);
<a href="#573" id="573" class="l"> 573: </a>        }
<a href="#574" id="574" class="l"> 574: </a>
<a href="#575" id="575" class="l"> 575: </a>
<a href="#576" id="576" class="l"> 576: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$toAdd</span>) { <span class="php-comment">// add to the rules
</span><a href="#577" id="577" class="l"> 577: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$resources</span> as <span class="php-var">$resource</span>) {
<a href="#578" id="578" class="l"> 578: </a>                <span class="php-keyword1">foreach</span> (<span class="php-var">$roles</span> as <span class="php-var">$role</span>) {
<a href="#579" id="579" class="l"> 579: </a>                    <span class="php-var">$rules</span> = &amp; <span class="php-var">$this</span>-&gt;getRules(<span class="php-var">$resource</span>, <span class="php-var">$role</span>, <span class="php-keyword1">TRUE</span>);
<a href="#580" id="580" class="l"> 580: </a>                    <span class="php-keyword1">if</span> (<span class="php-keyword2">count</span>(<span class="php-var">$privileges</span>) === <span class="php-num">0</span>) {
<a href="#581" id="581" class="l"> 581: </a>                        <span class="php-var">$rules</span>[<span class="php-quote">'allPrivileges'</span>][<span class="php-quote">'type'</span>] = <span class="php-var">$type</span>;
<a href="#582" id="582" class="l"> 582: </a>                        <span class="php-var">$rules</span>[<span class="php-quote">'allPrivileges'</span>][<span class="php-quote">'assert'</span>] = <span class="php-var">$assertion</span>;
<a href="#583" id="583" class="l"> 583: </a>                        <span class="php-keyword1">if</span> (!<span class="php-keyword1">isset</span>(<span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>])) {
<a href="#584" id="584" class="l"> 584: </a>                            <span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>] = <span class="php-keyword1">array</span>();
<a href="#585" id="585" class="l"> 585: </a>                        }
<a href="#586" id="586" class="l"> 586: </a>                    } <span class="php-keyword1">else</span> {
<a href="#587" id="587" class="l"> 587: </a>                        <span class="php-keyword1">foreach</span> (<span class="php-var">$privileges</span> as <span class="php-var">$privilege</span>) {
<a href="#588" id="588" class="l"> 588: </a>                            <span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>][<span class="php-var">$privilege</span>][<span class="php-quote">'type'</span>] = <span class="php-var">$type</span>;
<a href="#589" id="589" class="l"> 589: </a>                            <span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>][<span class="php-var">$privilege</span>][<span class="php-quote">'assert'</span>] = <span class="php-var">$assertion</span>;
<a href="#590" id="590" class="l"> 590: </a>                        }
<a href="#591" id="591" class="l"> 591: </a>                    }
<a href="#592" id="592" class="l"> 592: </a>                }
<a href="#593" id="593" class="l"> 593: </a>            }
<a href="#594" id="594" class="l"> 594: </a>
<a href="#595" id="595" class="l"> 595: </a>        } <span class="php-keyword1">else</span> { <span class="php-comment">// remove from the rules
</span><a href="#596" id="596" class="l"> 596: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$resources</span> as <span class="php-var">$resource</span>) {
<a href="#597" id="597" class="l"> 597: </a>                <span class="php-keyword1">foreach</span> (<span class="php-var">$roles</span> as <span class="php-var">$role</span>) {
<a href="#598" id="598" class="l"> 598: </a>                    <span class="php-var">$rules</span> = &amp; <span class="php-var">$this</span>-&gt;getRules(<span class="php-var">$resource</span>, <span class="php-var">$role</span>);
<a href="#599" id="599" class="l"> 599: </a>                    <span class="php-keyword1">if</span> (<span class="php-var">$rules</span> === <span class="php-keyword1">NULL</span>) {
<a href="#600" id="600" class="l"> 600: </a>                        <span class="php-keyword1">continue</span>;
<a href="#601" id="601" class="l"> 601: </a>                    }
<a href="#602" id="602" class="l"> 602: </a>                    <span class="php-keyword1">if</span> (<span class="php-keyword2">count</span>(<span class="php-var">$privileges</span>) === <span class="php-num">0</span>) {
<a href="#603" id="603" class="l"> 603: </a>                        <span class="php-keyword1">if</span> (<span class="php-var">$resource</span> === self::ALL &amp;&amp; <span class="php-var">$role</span> === self::ALL) {
<a href="#604" id="604" class="l"> 604: </a>                            <span class="php-keyword1">if</span> (<span class="php-var">$type</span> === <span class="php-var">$rules</span>[<span class="php-quote">'allPrivileges'</span>][<span class="php-quote">'type'</span>]) {
<a href="#605" id="605" class="l"> 605: </a>                                <span class="php-var">$rules</span> = <span class="php-keyword1">array</span>(
<a href="#606" id="606" class="l"> 606: </a>                                    <span class="php-quote">'allPrivileges'</span> =&gt; <span class="php-keyword1">array</span>(
<a href="#607" id="607" class="l"> 607: </a>                                        <span class="php-quote">'type'</span>   =&gt; self::DENY,
<a href="#608" id="608" class="l"> 608: </a>                                        <span class="php-quote">'assert'</span> =&gt; <span class="php-keyword1">NULL</span>
<a href="#609" id="609" class="l"> 609: </a>                                        ),
<a href="#610" id="610" class="l"> 610: </a>                                    <span class="php-quote">'byPrivilege'</span> =&gt; <span class="php-keyword1">array</span>()
<a href="#611" id="611" class="l"> 611: </a>                                    );
<a href="#612" id="612" class="l"> 612: </a>                            }
<a href="#613" id="613" class="l"> 613: </a>                            <span class="php-keyword1">continue</span>;
<a href="#614" id="614" class="l"> 614: </a>                        }
<a href="#615" id="615" class="l"> 615: </a>                        <span class="php-keyword1">if</span> (<span class="php-var">$type</span> === <span class="php-var">$rules</span>[<span class="php-quote">'allPrivileges'</span>][<span class="php-quote">'type'</span>]) {
<a href="#616" id="616" class="l"> 616: </a>                            <span class="php-keyword1">unset</span>(<span class="php-var">$rules</span>[<span class="php-quote">'allPrivileges'</span>]);
<a href="#617" id="617" class="l"> 617: </a>                        }
<a href="#618" id="618" class="l"> 618: </a>                    } <span class="php-keyword1">else</span> {
<a href="#619" id="619" class="l"> 619: </a>                        <span class="php-keyword1">foreach</span> (<span class="php-var">$privileges</span> as <span class="php-var">$privilege</span>) {
<a href="#620" id="620" class="l"> 620: </a>                            <span class="php-keyword1">if</span> (<span class="php-keyword1">isset</span>(<span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>][<span class="php-var">$privilege</span>]) &amp;&amp;
<a href="#621" id="621" class="l"> 621: </a>                                <span class="php-var">$type</span> === <span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>][<span class="php-var">$privilege</span>][<span class="php-quote">'type'</span>]) {
<a href="#622" id="622" class="l"> 622: </a>                                <span class="php-keyword1">unset</span>(<span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>][<span class="php-var">$privilege</span>]);
<a href="#623" id="623" class="l"> 623: </a>                            }
<a href="#624" id="624" class="l"> 624: </a>                        }
<a href="#625" id="625" class="l"> 625: </a>                    }
<a href="#626" id="626" class="l"> 626: </a>                }
<a href="#627" id="627" class="l"> 627: </a>            }
<a href="#628" id="628" class="l"> 628: </a>        }
<a href="#629" id="629" class="l"> 629: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>;
<a href="#630" id="630" class="l"> 630: </a>    }
<a href="#631" id="631" class="l"> 631: </a>
<a href="#632" id="632" class="l"> 632: </a>
<a href="#633" id="633" class="l"> 633: </a>
<a href="#634" id="634" class="l"> 634: </a>    <span class="php-comment">/********************* querying the ACL ****************d*g**/</span>
<a href="#635" id="635" class="l"> 635: </a>
<a href="#636" id="636" class="l"> 636: </a>
<a href="#637" id="637" class="l"> 637: </a>
<a href="#638" id="638" class="l"> 638: </a>    <span class="php-comment">/**
</span><a href="#639" id="639" class="l"> 639: </a><span class="php-comment">     * Returns TRUE if and only if the Role has access to the Resource.
</span><a href="#640" id="640" class="l"> 640: </a><span class="php-comment">     *
</span><a href="#641" id="641" class="l"> 641: </a><span class="php-comment">     * If either $role or $resource is Permission::ALL, then the query applies to all Roles or all Resources,
</span><a href="#642" id="642" class="l"> 642: </a><span class="php-comment">     * respectively. Both may be Permission::ALL to query whether the ACL has a &quot;blacklist&quot; rule
</span><a href="#643" id="643" class="l"> 643: </a><span class="php-comment">     * (allow everything to all). By default, Permission creates a &quot;whitelist&quot; rule (deny
</span><a href="#644" id="644" class="l"> 644: </a><span class="php-comment">     * everything to all), and this method would return FALSE unless this default has
</span><a href="#645" id="645" class="l"> 645: </a><span class="php-comment">     * been overridden (i.e., by executing $acl-&gt;allow()).
</span><a href="#646" id="646" class="l"> 646: </a><span class="php-comment">     *
</span><a href="#647" id="647" class="l"> 647: </a><span class="php-comment">     * If a $privilege is not provided, then this method returns FALSE if and only if the
</span><a href="#648" id="648" class="l"> 648: </a><span class="php-comment">     * Role is denied access to at least one privilege upon the Resource. In other words, this
</span><a href="#649" id="649" class="l"> 649: </a><span class="php-comment">     * method returns TRUE if and only if the Role is allowed all privileges on the Resource.
</span><a href="#650" id="650" class="l"> 650: </a><span class="php-comment">     *
</span><a href="#651" id="651" class="l"> 651: </a><span class="php-comment">     * This method checks Role inheritance using a depth-first traversal of the Role list.
</span><a href="#652" id="652" class="l"> 652: </a><span class="php-comment">     * The highest priority parent (i.e., the parent most recently added) is checked first,
</span><a href="#653" id="653" class="l"> 653: </a><span class="php-comment">     * and its respective parents are checked similarly before the lower-priority parents of
</span><a href="#654" id="654" class="l"> 654: </a><span class="php-comment">     * the Role are checked.
</span><a href="#655" id="655" class="l"> 655: </a><span class="php-comment">     *
</span><a href="#656" id="656" class="l"> 656: </a><span class="php-comment">     * @param  string|Permission::ALL|IRole  role
</span><a href="#657" id="657" class="l"> 657: </a><span class="php-comment">     * @param  string|Permission::ALL|IResource  resource
</span><a href="#658" id="658" class="l"> 658: </a><span class="php-comment">     * @param  string|Permission::ALL  privilege
</span><a href="#659" id="659" class="l"> 659: </a><span class="php-comment">     * @throws \InvalidStateException
</span><a href="#660" id="660" class="l"> 660: </a><span class="php-comment">     * @return bool
</span><a href="#661" id="661" class="l"> 661: </a><span class="php-comment">     */</span>
<a href="#662" id="662" class="l"> 662: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> isAllowed(<span class="php-var">$role</span> = self::ALL, <span class="php-var">$resource</span> = self::ALL, <span class="php-var">$privilege</span> = self::ALL)
<a href="#663" id="663" class="l"> 663: </a>    {
<a href="#664" id="664" class="l"> 664: </a>        <span class="php-var">$this</span>-&gt;queriedRole = <span class="php-var">$role</span>;
<a href="#665" id="665" class="l"> 665: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$role</span> !== self::ALL) {
<a href="#666" id="666" class="l"> 666: </a>            <span class="php-keyword1">if</span> (<span class="php-var">$role</span> <span class="php-keyword1">instanceof</span> IRole) {
<a href="#667" id="667" class="l"> 667: </a>                <span class="php-var">$role</span> = <span class="php-var">$role</span>-&gt;getRoleId();
<a href="#668" id="668" class="l"> 668: </a>            }
<a href="#669" id="669" class="l"> 669: </a>            <span class="php-var">$this</span>-&gt;checkRole(<span class="php-var">$role</span>);
<a href="#670" id="670" class="l"> 670: </a>        }
<a href="#671" id="671" class="l"> 671: </a>
<a href="#672" id="672" class="l"> 672: </a>        <span class="php-var">$this</span>-&gt;queriedResource = <span class="php-var">$resource</span>;
<a href="#673" id="673" class="l"> 673: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$resource</span> !== self::ALL) {
<a href="#674" id="674" class="l"> 674: </a>            <span class="php-keyword1">if</span> (<span class="php-var">$resource</span> <span class="php-keyword1">instanceof</span> IResource) {
<a href="#675" id="675" class="l"> 675: </a>                <span class="php-var">$resource</span> = <span class="php-var">$resource</span>-&gt;getResourceId();
<a href="#676" id="676" class="l"> 676: </a>            }
<a href="#677" id="677" class="l"> 677: </a>            <span class="php-var">$this</span>-&gt;checkResource(<span class="php-var">$resource</span>);
<a href="#678" id="678" class="l"> 678: </a>        }
<a href="#679" id="679" class="l"> 679: </a>
<a href="#680" id="680" class="l"> 680: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$privilege</span> === self::ALL) {
<a href="#681" id="681" class="l"> 681: </a>            <span class="php-comment">// query on all privileges
</span><a href="#682" id="682" class="l"> 682: </a>            <span class="php-keyword1">do</span> {
<a href="#683" id="683" class="l"> 683: </a>                <span class="php-comment">// depth-first search on $role if it is not 'allRoles' pseudo-parent
</span><a href="#684" id="684" class="l"> 684: </a>                <span class="php-keyword1">if</span> (<span class="php-var">$role</span> !== <span class="php-keyword1">NULL</span> &amp;&amp; <span class="php-keyword1">NULL</span> !== (<span class="php-var">$result</span> = <span class="php-var">$this</span>-&gt;roleDFSAllPrivileges(<span class="php-var">$role</span>, <span class="php-var">$resource</span>))) {
<a href="#685" id="685" class="l"> 685: </a>                    <span class="php-keyword1">break</span>;
<a href="#686" id="686" class="l"> 686: </a>                }
<a href="#687" id="687" class="l"> 687: </a>
<a href="#688" id="688" class="l"> 688: </a>                <span class="php-comment">// look for rule on 'allRoles' psuedo-parent
</span><a href="#689" id="689" class="l"> 689: </a>                <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$rules</span> = <span class="php-var">$this</span>-&gt;getRules(<span class="php-var">$resource</span>, self::ALL))) {
<a href="#690" id="690" class="l"> 690: </a>                    <span class="php-keyword1">foreach</span> (<span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>] as <span class="php-var">$privilege</span> =&gt; <span class="php-var">$rule</span>) {
<a href="#691" id="691" class="l"> 691: </a>                        <span class="php-keyword1">if</span> (self::DENY === (<span class="php-var">$ruleTypeOnePrivilege</span> = <span class="php-var">$this</span>-&gt;getRuleType(<span class="php-var">$resource</span>, <span class="php-keyword1">NULL</span>, <span class="php-var">$privilege</span>))) {
<a href="#692" id="692" class="l"> 692: </a>                            <span class="php-var">$result</span> = self::DENY;
<a href="#693" id="693" class="l"> 693: </a>                            <span class="php-keyword1">break</span> <span class="php-num">2</span>;
<a href="#694" id="694" class="l"> 694: </a>                        }
<a href="#695" id="695" class="l"> 695: </a>                    }
<a href="#696" id="696" class="l"> 696: </a>                    <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$ruleTypeAllPrivileges</span> = <span class="php-var">$this</span>-&gt;getRuleType(<span class="php-var">$resource</span>, <span class="php-keyword1">NULL</span>, <span class="php-keyword1">NULL</span>))) {
<a href="#697" id="697" class="l"> 697: </a>                        <span class="php-var">$result</span> = self::ALLOW === <span class="php-var">$ruleTypeAllPrivileges</span>;
<a href="#698" id="698" class="l"> 698: </a>                        <span class="php-keyword1">break</span>;
<a href="#699" id="699" class="l"> 699: </a>                    }
<a href="#700" id="700" class="l"> 700: </a>                }
<a href="#701" id="701" class="l"> 701: </a>
<a href="#702" id="702" class="l"> 702: </a>                <span class="php-comment">// try next Resource
</span><a href="#703" id="703" class="l"> 703: </a>                <span class="php-var">$resource</span> = <span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>][<span class="php-quote">'parent'</span>];
<a href="#704" id="704" class="l"> 704: </a>
<a href="#705" id="705" class="l"> 705: </a>            } <span class="php-keyword1">while</span> (<span class="php-keyword1">TRUE</span>); <span class="php-comment">// loop terminates at 'allResources' pseudo-parent
</span><a href="#706" id="706" class="l"> 706: </a>
<a href="#707" id="707" class="l"> 707: </a>        } <span class="php-keyword1">else</span> {
<a href="#708" id="708" class="l"> 708: </a>            <span class="php-comment">// query on one privilege
</span><a href="#709" id="709" class="l"> 709: </a>            <span class="php-keyword1">do</span> {
<a href="#710" id="710" class="l"> 710: </a>                <span class="php-comment">// depth-first search on $role if it is not 'allRoles' pseudo-parent
</span><a href="#711" id="711" class="l"> 711: </a>                <span class="php-keyword1">if</span> (<span class="php-var">$role</span> !== <span class="php-keyword1">NULL</span> &amp;&amp; <span class="php-keyword1">NULL</span> !== (<span class="php-var">$result</span> = <span class="php-var">$this</span>-&gt;roleDFSOnePrivilege(<span class="php-var">$role</span>, <span class="php-var">$resource</span>, <span class="php-var">$privilege</span>))) {
<a href="#712" id="712" class="l"> 712: </a>                    <span class="php-keyword1">break</span>;
<a href="#713" id="713" class="l"> 713: </a>                }
<a href="#714" id="714" class="l"> 714: </a>
<a href="#715" id="715" class="l"> 715: </a>                <span class="php-comment">// look for rule on 'allRoles' pseudo-parent
</span><a href="#716" id="716" class="l"> 716: </a>                <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$ruleType</span> = <span class="php-var">$this</span>-&gt;getRuleType(<span class="php-var">$resource</span>, <span class="php-keyword1">NULL</span>, <span class="php-var">$privilege</span>))) {
<a href="#717" id="717" class="l"> 717: </a>                    <span class="php-var">$result</span> = self::ALLOW === <span class="php-var">$ruleType</span>;
<a href="#718" id="718" class="l"> 718: </a>                    <span class="php-keyword1">break</span>;
<a href="#719" id="719" class="l"> 719: </a>
<a href="#720" id="720" class="l"> 720: </a>                } <span class="php-keyword1">elseif</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$ruleTypeAllPrivileges</span> = <span class="php-var">$this</span>-&gt;getRuleType(<span class="php-var">$resource</span>, <span class="php-keyword1">NULL</span>, <span class="php-keyword1">NULL</span>))) {
<a href="#721" id="721" class="l"> 721: </a>                    <span class="php-var">$result</span> = self::ALLOW === <span class="php-var">$ruleTypeAllPrivileges</span>;
<a href="#722" id="722" class="l"> 722: </a>                    <span class="php-keyword1">break</span>;
<a href="#723" id="723" class="l"> 723: </a>                }
<a href="#724" id="724" class="l"> 724: </a>
<a href="#725" id="725" class="l"> 725: </a>                <span class="php-comment">// try next Resource
</span><a href="#726" id="726" class="l"> 726: </a>                <span class="php-var">$resource</span> = <span class="php-var">$this</span>-&gt;resources[<span class="php-var">$resource</span>][<span class="php-quote">'parent'</span>];
<a href="#727" id="727" class="l"> 727: </a>
<a href="#728" id="728" class="l"> 728: </a>            } <span class="php-keyword1">while</span> (<span class="php-keyword1">TRUE</span>); <span class="php-comment">// loop terminates at 'allResources' pseudo-parent
</span><a href="#729" id="729" class="l"> 729: </a>        }
<a href="#730" id="730" class="l"> 730: </a>
<a href="#731" id="731" class="l"> 731: </a>        <span class="php-var">$this</span>-&gt;queriedRole = <span class="php-var">$this</span>-&gt;queriedResource = <span class="php-keyword1">NULL</span>;
<a href="#732" id="732" class="l"> 732: </a>        <span class="php-keyword1">return</span> <span class="php-var">$result</span>;
<a href="#733" id="733" class="l"> 733: </a>    }
<a href="#734" id="734" class="l"> 734: </a>
<a href="#735" id="735" class="l"> 735: </a>
<a href="#736" id="736" class="l"> 736: </a>
<a href="#737" id="737" class="l"> 737: </a>    <span class="php-comment">/**
</span><a href="#738" id="738" class="l"> 738: </a><span class="php-comment">     * Returns real currently queried Role. Use by {@link IPermissionAssertion::asert()}.
</span><a href="#739" id="739" class="l"> 739: </a><span class="php-comment">     * @return mixed
</span><a href="#740" id="740" class="l"> 740: </a><span class="php-comment">     */</span>
<a href="#741" id="741" class="l"> 741: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> getQueriedRole()
<a href="#742" id="742" class="l"> 742: </a>    {
<a href="#743" id="743" class="l"> 743: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>-&gt;queriedRole;
<a href="#744" id="744" class="l"> 744: </a>    }
<a href="#745" id="745" class="l"> 745: </a>
<a href="#746" id="746" class="l"> 746: </a>
<a href="#747" id="747" class="l"> 747: </a>
<a href="#748" id="748" class="l"> 748: </a>    <span class="php-comment">/**
</span><a href="#749" id="749" class="l"> 749: </a><span class="php-comment">     * Returns real currently queried Resource. Use by {@link IPermissionAssertion::asert()}.
</span><a href="#750" id="750" class="l"> 750: </a><span class="php-comment">     * @return mixed
</span><a href="#751" id="751" class="l"> 751: </a><span class="php-comment">     */</span>
<a href="#752" id="752" class="l"> 752: </a>    <span class="php-keyword1">public</span> <span class="php-keyword1">function</span> getQueriedResource()
<a href="#753" id="753" class="l"> 753: </a>    {
<a href="#754" id="754" class="l"> 754: </a>        <span class="php-keyword1">return</span> <span class="php-var">$this</span>-&gt;queriedResource;
<a href="#755" id="755" class="l"> 755: </a>    }
<a href="#756" id="756" class="l"> 756: </a>
<a href="#757" id="757" class="l"> 757: </a>
<a href="#758" id="758" class="l"> 758: </a>
<a href="#759" id="759" class="l"> 759: </a>    <span class="php-comment">/********************* internals ****************d*g**/</span>
<a href="#760" id="760" class="l"> 760: </a>
<a href="#761" id="761" class="l"> 761: </a>
<a href="#762" id="762" class="l"> 762: </a>
<a href="#763" id="763" class="l"> 763: </a>    <span class="php-comment">/**
</span><a href="#764" id="764" class="l"> 764: </a><span class="php-comment">     * Performs a depth-first search of the Role DAG, starting at $role, in order to find a rule.
</span><a href="#765" id="765" class="l"> 765: </a><span class="php-comment">     * allowing/denying $role access to all privileges upon $resource
</span><a href="#766" id="766" class="l"> 766: </a><span class="php-comment">     *
</span><a href="#767" id="767" class="l"> 767: </a><span class="php-comment">     * This method returns TRUE if a rule is found and allows access. If a rule exists and denies access,
</span><a href="#768" id="768" class="l"> 768: </a><span class="php-comment">     * then this method returns FALSE. If no applicable rule is found, then this method returns NULL.
</span><a href="#769" id="769" class="l"> 769: </a><span class="php-comment">     *
</span><a href="#770" id="770" class="l"> 770: </a><span class="php-comment">     * @param  string  role
</span><a href="#771" id="771" class="l"> 771: </a><span class="php-comment">     * @param  string  resource
</span><a href="#772" id="772" class="l"> 772: </a><span class="php-comment">     * @return bool|NULL
</span><a href="#773" id="773" class="l"> 773: </a><span class="php-comment">     */</span>
<a href="#774" id="774" class="l"> 774: </a>    <span class="php-keyword1">private</span> <span class="php-keyword1">function</span> roleDFSAllPrivileges(<span class="php-var">$role</span>, <span class="php-var">$resource</span>)
<a href="#775" id="775" class="l"> 775: </a>    {
<a href="#776" id="776" class="l"> 776: </a>        <span class="php-var">$dfs</span> = <span class="php-keyword1">array</span>(
<a href="#777" id="777" class="l"> 777: </a>            <span class="php-quote">'visited'</span> =&gt; <span class="php-keyword1">array</span>(),
<a href="#778" id="778" class="l"> 778: </a>            <span class="php-quote">'stack'</span>   =&gt; <span class="php-keyword1">array</span>(<span class="php-var">$role</span>),
<a href="#779" id="779" class="l"> 779: </a>        );
<a href="#780" id="780" class="l"> 780: </a>
<a href="#781" id="781" class="l"> 781: </a>        <span class="php-keyword1">while</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$role</span> = <span class="php-keyword2">array_pop</span>(<span class="php-var">$dfs</span>[<span class="php-quote">'stack'</span>]))) {
<a href="#782" id="782" class="l"> 782: </a>            <span class="php-keyword1">if</span> (!<span class="php-keyword1">isset</span>(<span class="php-var">$dfs</span>[<span class="php-quote">'visited'</span>][<span class="php-var">$role</span>])) {
<a href="#783" id="783" class="l"> 783: </a>                <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$result</span> = <span class="php-var">$this</span>-&gt;roleDFSVisitAllPrivileges(<span class="php-var">$role</span>, <span class="php-var">$resource</span>, <span class="php-var">$dfs</span>))) {
<a href="#784" id="784" class="l"> 784: </a>                    <span class="php-keyword1">return</span> <span class="php-var">$result</span>;
<a href="#785" id="785" class="l"> 785: </a>                }
<a href="#786" id="786" class="l"> 786: </a>            }
<a href="#787" id="787" class="l"> 787: </a>        }
<a href="#788" id="788" class="l"> 788: </a>
<a href="#789" id="789" class="l"> 789: </a>        <span class="php-keyword1">return</span> <span class="php-keyword1">NULL</span>;
<a href="#790" id="790" class="l"> 790: </a>    }
<a href="#791" id="791" class="l"> 791: </a>
<a href="#792" id="792" class="l"> 792: </a>
<a href="#793" id="793" class="l"> 793: </a>
<a href="#794" id="794" class="l"> 794: </a>    <span class="php-comment">/**
</span><a href="#795" id="795" class="l"> 795: </a><span class="php-comment">     * Visits a $role in order to look for a rule allowing/denying $role access to all privileges upon $resource.
</span><a href="#796" id="796" class="l"> 796: </a><span class="php-comment">     *
</span><a href="#797" id="797" class="l"> 797: </a><span class="php-comment">     * This method returns TRUE if a rule is found and allows access. If a rule exists and denies access,
</span><a href="#798" id="798" class="l"> 798: </a><span class="php-comment">     * then this method returns FALSE. If no applicable rule is found, then this method returns NULL.
</span><a href="#799" id="799" class="l"> 799: </a><span class="php-comment">     *
</span><a href="#800" id="800" class="l"> 800: </a><span class="php-comment">     * This method is used by the internal depth-first search algorithm and may modify the DFS data structure.
</span><a href="#801" id="801" class="l"> 801: </a><span class="php-comment">     *
</span><a href="#802" id="802" class="l"> 802: </a><span class="php-comment">     * @param  string  role
</span><a href="#803" id="803" class="l"> 803: </a><span class="php-comment">     * @param  string  resource
</span><a href="#804" id="804" class="l"> 804: </a><span class="php-comment">     * @param  array   dfs
</span><a href="#805" id="805" class="l"> 805: </a><span class="php-comment">     * @return bool|NULL
</span><a href="#806" id="806" class="l"> 806: </a><span class="php-comment">     */</span>
<a href="#807" id="807" class="l"> 807: </a>    <span class="php-keyword1">private</span> <span class="php-keyword1">function</span> roleDFSVisitAllPrivileges(<span class="php-var">$role</span>, <span class="php-var">$resource</span>, &amp;<span class="php-var">$dfs</span>)
<a href="#808" id="808" class="l"> 808: </a>    {
<a href="#809" id="809" class="l"> 809: </a>        <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$rules</span> = <span class="php-var">$this</span>-&gt;getRules(<span class="php-var">$resource</span>, <span class="php-var">$role</span>))) {
<a href="#810" id="810" class="l"> 810: </a>            <span class="php-keyword1">foreach</span> (<span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>] as <span class="php-var">$privilege</span> =&gt; <span class="php-var">$rule</span>) {
<a href="#811" id="811" class="l"> 811: </a>                <span class="php-keyword1">if</span> (self::DENY === <span class="php-var">$this</span>-&gt;getRuleType(<span class="php-var">$resource</span>, <span class="php-var">$role</span>, <span class="php-var">$privilege</span>)) {
<a href="#812" id="812" class="l"> 812: </a>                    <span class="php-keyword1">return</span> self::DENY;
<a href="#813" id="813" class="l"> 813: </a>                }
<a href="#814" id="814" class="l"> 814: </a>            }
<a href="#815" id="815" class="l"> 815: </a>            <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$type</span> = <span class="php-var">$this</span>-&gt;getRuleType(<span class="php-var">$resource</span>, <span class="php-var">$role</span>, <span class="php-keyword1">NULL</span>))) {
<a href="#816" id="816" class="l"> 816: </a>                <span class="php-keyword1">return</span> self::ALLOW === <span class="php-var">$type</span>;
<a href="#817" id="817" class="l"> 817: </a>            }
<a href="#818" id="818" class="l"> 818: </a>        }
<a href="#819" id="819" class="l"> 819: </a>
<a href="#820" id="820" class="l"> 820: </a>        <span class="php-var">$dfs</span>[<span class="php-quote">'visited'</span>][<span class="php-var">$role</span>] = <span class="php-keyword1">TRUE</span>;
<a href="#821" id="821" class="l"> 821: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>][<span class="php-quote">'parents'</span>] as <span class="php-var">$roleParent</span> =&gt; <span class="php-var">$foo</span>) {
<a href="#822" id="822" class="l"> 822: </a>            <span class="php-var">$dfs</span>[<span class="php-quote">'stack'</span>][] = <span class="php-var">$roleParent</span>;
<a href="#823" id="823" class="l"> 823: </a>        }
<a href="#824" id="824" class="l"> 824: </a>
<a href="#825" id="825" class="l"> 825: </a>        <span class="php-keyword1">return</span> <span class="php-keyword1">NULL</span>;
<a href="#826" id="826" class="l"> 826: </a>    }
<a href="#827" id="827" class="l"> 827: </a>
<a href="#828" id="828" class="l"> 828: </a>
<a href="#829" id="829" class="l"> 829: </a>
<a href="#830" id="830" class="l"> 830: </a>    <span class="php-comment">/**
</span><a href="#831" id="831" class="l"> 831: </a><span class="php-comment">     * Performs a depth-first search of the Role DAG, starting at $role, in order to find a rule.
</span><a href="#832" id="832" class="l"> 832: </a><span class="php-comment">     * allowing/denying $role access to a $privilege upon $resource
</span><a href="#833" id="833" class="l"> 833: </a><span class="php-comment">     *
</span><a href="#834" id="834" class="l"> 834: </a><span class="php-comment">     * This method returns TRUE if a rule is found and allows access. If a rule exists and denies access,
</span><a href="#835" id="835" class="l"> 835: </a><span class="php-comment">     * then this method returns FALSE. If no applicable rule is found, then this method returns NULL.
</span><a href="#836" id="836" class="l"> 836: </a><span class="php-comment">     *
</span><a href="#837" id="837" class="l"> 837: </a><span class="php-comment">     * @param  string  role
</span><a href="#838" id="838" class="l"> 838: </a><span class="php-comment">     * @param  string  resource
</span><a href="#839" id="839" class="l"> 839: </a><span class="php-comment">     * @param  string  privilege
</span><a href="#840" id="840" class="l"> 840: </a><span class="php-comment">     * @return bool|NULL
</span><a href="#841" id="841" class="l"> 841: </a><span class="php-comment">     */</span>
<a href="#842" id="842" class="l"> 842: </a>    <span class="php-keyword1">private</span> <span class="php-keyword1">function</span> roleDFSOnePrivilege(<span class="php-var">$role</span>, <span class="php-var">$resource</span>, <span class="php-var">$privilege</span>)
<a href="#843" id="843" class="l"> 843: </a>    {
<a href="#844" id="844" class="l"> 844: </a>        <span class="php-var">$dfs</span> = <span class="php-keyword1">array</span>(
<a href="#845" id="845" class="l"> 845: </a>            <span class="php-quote">'visited'</span> =&gt; <span class="php-keyword1">array</span>(),
<a href="#846" id="846" class="l"> 846: </a>            <span class="php-quote">'stack'</span>   =&gt; <span class="php-keyword1">array</span>(<span class="php-var">$role</span>),
<a href="#847" id="847" class="l"> 847: </a>        );
<a href="#848" id="848" class="l"> 848: </a>
<a href="#849" id="849" class="l"> 849: </a>        <span class="php-keyword1">while</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$role</span> = <span class="php-keyword2">array_pop</span>(<span class="php-var">$dfs</span>[<span class="php-quote">'stack'</span>]))) {
<a href="#850" id="850" class="l"> 850: </a>            <span class="php-keyword1">if</span> (!<span class="php-keyword1">isset</span>(<span class="php-var">$dfs</span>[<span class="php-quote">'visited'</span>][<span class="php-var">$role</span>])) {
<a href="#851" id="851" class="l"> 851: </a>                <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$result</span> = <span class="php-var">$this</span>-&gt;roleDFSVisitOnePrivilege(<span class="php-var">$role</span>, <span class="php-var">$resource</span>, <span class="php-var">$privilege</span>, <span class="php-var">$dfs</span>))) {
<a href="#852" id="852" class="l"> 852: </a>                    <span class="php-keyword1">return</span> <span class="php-var">$result</span>;
<a href="#853" id="853" class="l"> 853: </a>                }
<a href="#854" id="854" class="l"> 854: </a>            }
<a href="#855" id="855" class="l"> 855: </a>        }
<a href="#856" id="856" class="l"> 856: </a>
<a href="#857" id="857" class="l"> 857: </a>        <span class="php-keyword1">return</span> <span class="php-keyword1">NULL</span>;
<a href="#858" id="858" class="l"> 858: </a>    }
<a href="#859" id="859" class="l"> 859: </a>
<a href="#860" id="860" class="l"> 860: </a>
<a href="#861" id="861" class="l"> 861: </a>
<a href="#862" id="862" class="l"> 862: </a>    <span class="php-comment">/**
</span><a href="#863" id="863" class="l"> 863: </a><span class="php-comment">     * Visits a $role in order to look for a rule allowing/denying $role access to a $privilege upon $resource.
</span><a href="#864" id="864" class="l"> 864: </a><span class="php-comment">     *
</span><a href="#865" id="865" class="l"> 865: </a><span class="php-comment">     * This method returns TRUE if a rule is found and allows access. If a rule exists and denies access,
</span><a href="#866" id="866" class="l"> 866: </a><span class="php-comment">     * then this method returns FALSE. If no applicable rule is found, then this method returns NULL.
</span><a href="#867" id="867" class="l"> 867: </a><span class="php-comment">     *
</span><a href="#868" id="868" class="l"> 868: </a><span class="php-comment">     * This method is used by the internal depth-first search algorithm and may modify the DFS data structure.
</span><a href="#869" id="869" class="l"> 869: </a><span class="php-comment">     *
</span><a href="#870" id="870" class="l"> 870: </a><span class="php-comment">     * @param  string  role
</span><a href="#871" id="871" class="l"> 871: </a><span class="php-comment">     * @param  string  resource
</span><a href="#872" id="872" class="l"> 872: </a><span class="php-comment">     * @param  string  privilege
</span><a href="#873" id="873" class="l"> 873: </a><span class="php-comment">     * @param  array   dfs
</span><a href="#874" id="874" class="l"> 874: </a><span class="php-comment">     * @return bool|NULL
</span><a href="#875" id="875" class="l"> 875: </a><span class="php-comment">     */</span>
<a href="#876" id="876" class="l"> 876: </a>    <span class="php-keyword1">private</span> <span class="php-keyword1">function</span> roleDFSVisitOnePrivilege(<span class="php-var">$role</span>, <span class="php-var">$resource</span>, <span class="php-var">$privilege</span>, &amp;<span class="php-var">$dfs</span>)
<a href="#877" id="877" class="l"> 877: </a>    {
<a href="#878" id="878" class="l"> 878: </a>        <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$type</span> = <span class="php-var">$this</span>-&gt;getRuleType(<span class="php-var">$resource</span>, <span class="php-var">$role</span>, <span class="php-var">$privilege</span>))) {
<a href="#879" id="879" class="l"> 879: </a>            <span class="php-keyword1">return</span> self::ALLOW === <span class="php-var">$type</span>;
<a href="#880" id="880" class="l"> 880: </a>        }
<a href="#881" id="881" class="l"> 881: </a>
<a href="#882" id="882" class="l"> 882: </a>        <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> !== (<span class="php-var">$type</span> = <span class="php-var">$this</span>-&gt;getRuleType(<span class="php-var">$resource</span>, <span class="php-var">$role</span>, <span class="php-keyword1">NULL</span>))) {
<a href="#883" id="883" class="l"> 883: </a>            <span class="php-keyword1">return</span> self::ALLOW === <span class="php-var">$type</span>;
<a href="#884" id="884" class="l"> 884: </a>        }
<a href="#885" id="885" class="l"> 885: </a>
<a href="#886" id="886" class="l"> 886: </a>        <span class="php-var">$dfs</span>[<span class="php-quote">'visited'</span>][<span class="php-var">$role</span>] = <span class="php-keyword1">TRUE</span>;
<a href="#887" id="887" class="l"> 887: </a>        <span class="php-keyword1">foreach</span> (<span class="php-var">$this</span>-&gt;roles[<span class="php-var">$role</span>][<span class="php-quote">'parents'</span>] as <span class="php-var">$roleParent</span> =&gt; <span class="php-var">$foo</span>)
<a href="#888" id="888" class="l"> 888: </a>            <span class="php-var">$dfs</span>[<span class="php-quote">'stack'</span>][] = <span class="php-var">$roleParent</span>;
<a href="#889" id="889" class="l"> 889: </a>
<a href="#890" id="890" class="l"> 890: </a>        <span class="php-keyword1">return</span> <span class="php-keyword1">NULL</span>;
<a href="#891" id="891" class="l"> 891: </a>    }
<a href="#892" id="892" class="l"> 892: </a>
<a href="#893" id="893" class="l"> 893: </a>
<a href="#894" id="894" class="l"> 894: </a>
<a href="#895" id="895" class="l"> 895: </a>    <span class="php-comment">/**
</span><a href="#896" id="896" class="l"> 896: </a><span class="php-comment">     * Returns the rule type associated with the specified Resource, Role, and privilege.
</span><a href="#897" id="897" class="l"> 897: </a><span class="php-comment">     * combination.
</span><a href="#898" id="898" class="l"> 898: </a><span class="php-comment">     *
</span><a href="#899" id="899" class="l"> 899: </a><span class="php-comment">     * If a rule does not exist or its attached assertion fails, which means that
</span><a href="#900" id="900" class="l"> 900: </a><span class="php-comment">     * the rule is not applicable, then this method returns NULL. Otherwise, the
</span><a href="#901" id="901" class="l"> 901: </a><span class="php-comment">     * rule type applies and is returned as either ALLOW or DENY.
</span><a href="#902" id="902" class="l"> 902: </a><span class="php-comment">     *
</span><a href="#903" id="903" class="l"> 903: </a><span class="php-comment">     * If $resource or $role is Permission::ALL, then this means that the rule must apply to
</span><a href="#904" id="904" class="l"> 904: </a><span class="php-comment">     * all Resources or Roles, respectively.
</span><a href="#905" id="905" class="l"> 905: </a><span class="php-comment">     *
</span><a href="#906" id="906" class="l"> 906: </a><span class="php-comment">     * If $privilege is Permission::ALL, then the rule must apply to all privileges.
</span><a href="#907" id="907" class="l"> 907: </a><span class="php-comment">     *
</span><a href="#908" id="908" class="l"> 908: </a><span class="php-comment">     * If all three parameters are Permission::ALL, then the default ACL rule type is returned,
</span><a href="#909" id="909" class="l"> 909: </a><span class="php-comment">     * based on whether its assertion method passes.
</span><a href="#910" id="910" class="l"> 910: </a><span class="php-comment">     *
</span><a href="#911" id="911" class="l"> 911: </a><span class="php-comment">     * @param  string|Permission::ALL  role
</span><a href="#912" id="912" class="l"> 912: </a><span class="php-comment">     * @param  string|Permission::ALL  resource
</span><a href="#913" id="913" class="l"> 913: </a><span class="php-comment">     * @param  string|Permission::ALL  privilege
</span><a href="#914" id="914" class="l"> 914: </a><span class="php-comment">     * @return bool|NULL
</span><a href="#915" id="915" class="l"> 915: </a><span class="php-comment">     */</span>
<a href="#916" id="916" class="l"> 916: </a>    <span class="php-keyword1">private</span> <span class="php-keyword1">function</span> getRuleType(<span class="php-var">$resource</span>, <span class="php-var">$role</span>, <span class="php-var">$privilege</span>)
<a href="#917" id="917" class="l"> 917: </a>    {
<a href="#918" id="918" class="l"> 918: </a>        <span class="php-comment">// get the rules for the $resource and $role
</span><a href="#919" id="919" class="l"> 919: </a>        <span class="php-keyword1">if</span> (<span class="php-keyword1">NULL</span> === (<span class="php-var">$rules</span> = <span class="php-var">$this</span>-&gt;getRules(<span class="php-var">$resource</span>, <span class="php-var">$role</span>))) {
<a href="#920" id="920" class="l"> 920: </a>            <span class="php-keyword1">return</span> <span class="php-keyword1">NULL</span>;
<a href="#921" id="921" class="l"> 921: </a>        }
<a href="#922" id="922" class="l"> 922: </a>
<a href="#923" id="923" class="l"> 923: </a>        <span class="php-comment">// follow $privilege
</span><a href="#924" id="924" class="l"> 924: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$privilege</span> === self::ALL) {
<a href="#925" id="925" class="l"> 925: </a>            <span class="php-keyword1">if</span> (<span class="php-keyword1">isset</span>(<span class="php-var">$rules</span>[<span class="php-quote">'allPrivileges'</span>])) {
<a href="#926" id="926" class="l"> 926: </a>                <span class="php-var">$rule</span> = <span class="php-var">$rules</span>[<span class="php-quote">'allPrivileges'</span>];
<a href="#927" id="927" class="l"> 927: </a>            } <span class="php-keyword1">else</span> {
<a href="#928" id="928" class="l"> 928: </a>                <span class="php-keyword1">return</span> <span class="php-keyword1">NULL</span>;
<a href="#929" id="929" class="l"> 929: </a>            }
<a href="#930" id="930" class="l"> 930: </a>        } <span class="php-keyword1">elseif</span> (!<span class="php-keyword1">isset</span>(<span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>][<span class="php-var">$privilege</span>])) {
<a href="#931" id="931" class="l"> 931: </a>            <span class="php-keyword1">return</span> <span class="php-keyword1">NULL</span>;
<a href="#932" id="932" class="l"> 932: </a>
<a href="#933" id="933" class="l"> 933: </a>        } <span class="php-keyword1">else</span> {
<a href="#934" id="934" class="l"> 934: </a>            <span class="php-var">$rule</span> = <span class="php-var">$rules</span>[<span class="php-quote">'byPrivilege'</span>][<span class="php-var">$privilege</span>];
<a href="#935" id="935" class="l"> 935: </a>        }
<a href="#936" id="936" class="l"> 936: </a>
<a href="#937" id="937" class="l"> 937: </a>        <span class="php-comment">// check assertion if necessary
</span><a href="#938" id="938" class="l"> 938: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$rule</span>[<span class="php-quote">'assert'</span>] === <span class="php-keyword1">NULL</span> || <span class="php-var">$rule</span>[<span class="php-quote">'assert'</span>]-&gt;<span class="php-keyword2">assert</span>(<span class="php-var">$this</span>, <span class="php-var">$role</span>, <span class="php-var">$resource</span>, <span class="php-var">$privilege</span>)) {
<a href="#939" id="939" class="l"> 939: </a>            <span class="php-keyword1">return</span> <span class="php-var">$rule</span>[<span class="php-quote">'type'</span>];
<a href="#940" id="940" class="l"> 940: </a>
<a href="#941" id="941" class="l"> 941: </a>        } <span class="php-keyword1">elseif</span> (<span class="php-var">$resource</span> !== self::ALL || <span class="php-var">$role</span> !== self::ALL || <span class="php-var">$privilege</span> !== self::ALL) {
<a href="#942" id="942" class="l"> 942: </a>            <span class="php-keyword1">return</span> <span class="php-keyword1">NULL</span>;
<a href="#943" id="943" class="l"> 943: </a>
<a href="#944" id="944" class="l"> 944: </a>        } <span class="php-keyword1">elseif</span> (self::ALLOW === <span class="php-var">$rule</span>[<span class="php-quote">'type'</span>]) {
<a href="#945" id="945" class="l"> 945: </a>            <span class="php-keyword1">return</span> self::DENY;
<a href="#946" id="946" class="l"> 946: </a>
<a href="#947" id="947" class="l"> 947: </a>        } <span class="php-keyword1">else</span> {
<a href="#948" id="948" class="l"> 948: </a>            <span class="php-keyword1">return</span> self::ALLOW;
<a href="#949" id="949" class="l"> 949: </a>        }
<a href="#950" id="950" class="l"> 950: </a>    }
<a href="#951" id="951" class="l"> 951: </a>
<a href="#952" id="952" class="l"> 952: </a>
<a href="#953" id="953" class="l"> 953: </a>
<a href="#954" id="954" class="l"> 954: </a>    <span class="php-comment">/**
</span><a href="#955" id="955" class="l"> 955: </a><span class="php-comment">     * Returns the rules associated with a Resource and a Role, or NULL if no such rules exist.
</span><a href="#956" id="956" class="l"> 956: </a><span class="php-comment">     *
</span><a href="#957" id="957" class="l"> 957: </a><span class="php-comment">     * If either $resource or $role is Permission::ALL, this means that the rules returned are for all Resources or all Roles,
</span><a href="#958" id="958" class="l"> 958: </a><span class="php-comment">     * respectively. Both can be Permission::ALL to return the default rule set for all Resources and all Roles.
</span><a href="#959" id="959" class="l"> 959: </a><span class="php-comment">     *
</span><a href="#960" id="960" class="l"> 960: </a><span class="php-comment">     * If the $create parameter is TRUE, then a rule set is first created and then returned to the caller.
</span><a href="#961" id="961" class="l"> 961: </a><span class="php-comment">     *
</span><a href="#962" id="962" class="l"> 962: </a><span class="php-comment">     * @param  string|Permission::ALL  resource
</span><a href="#963" id="963" class="l"> 963: </a><span class="php-comment">     * @param  string|Permission::ALL  role
</span><a href="#964" id="964" class="l"> 964: </a><span class="php-comment">     * @param  boolean  create
</span><a href="#965" id="965" class="l"> 965: </a><span class="php-comment">     * @return array|NULL
</span><a href="#966" id="966" class="l"> 966: </a><span class="php-comment">     */</span>
<a href="#967" id="967" class="l"> 967: </a>    <span class="php-keyword1">private</span> <span class="php-keyword1">function</span> &amp; getRules(<span class="php-var">$resource</span>, <span class="php-var">$role</span>, <span class="php-var">$create</span> = <span class="php-keyword1">FALSE</span>)
<a href="#968" id="968" class="l"> 968: </a>    {
<a href="#969" id="969" class="l"> 969: </a>        <span class="php-comment">// follow $resource
</span><a href="#970" id="970" class="l"> 970: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$resource</span> === self::ALL) {
<a href="#971" id="971" class="l"> 971: </a>            <span class="php-var">$visitor</span> = &amp; <span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'allResources'</span>];
<a href="#972" id="972" class="l"> 972: </a>        } <span class="php-keyword1">else</span> {
<a href="#973" id="973" class="l"> 973: </a>            <span class="php-keyword1">if</span> (!<span class="php-keyword1">isset</span>(<span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>][<span class="php-var">$resource</span>])) {
<a href="#974" id="974" class="l"> 974: </a>                <span class="php-keyword1">if</span> (!<span class="php-var">$create</span>) {
<a href="#975" id="975" class="l"> 975: </a>                    <span class="php-var">$null</span> = <span class="php-keyword1">NULL</span>;
<a href="#976" id="976" class="l"> 976: </a>                    <span class="php-keyword1">return</span> <span class="php-var">$null</span>;
<a href="#977" id="977" class="l"> 977: </a>                }
<a href="#978" id="978" class="l"> 978: </a>                <span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>][<span class="php-var">$resource</span>] = <span class="php-keyword1">array</span>();
<a href="#979" id="979" class="l"> 979: </a>            }
<a href="#980" id="980" class="l"> 980: </a>            <span class="php-var">$visitor</span> = &amp; <span class="php-var">$this</span>-&gt;rules[<span class="php-quote">'byResource'</span>][<span class="php-var">$resource</span>];
<a href="#981" id="981" class="l"> 981: </a>        }
<a href="#982" id="982" class="l"> 982: </a>
<a href="#983" id="983" class="l"> 983: </a>
<a href="#984" id="984" class="l"> 984: </a>        <span class="php-comment">// follow $role
</span><a href="#985" id="985" class="l"> 985: </a>        <span class="php-keyword1">if</span> (<span class="php-var">$role</span> === self::ALL) {
<a href="#986" id="986" class="l"> 986: </a>            <span class="php-keyword1">if</span> (!<span class="php-keyword1">isset</span>(<span class="php-var">$visitor</span>[<span class="php-quote">'allRoles'</span>])) {
<a href="#987" id="987" class="l"> 987: </a>                <span class="php-keyword1">if</span> (!<span class="php-var">$create</span>) {
<a href="#988" id="988" class="l"> 988: </a>                    <span class="php-var">$null</span> = <span class="php-keyword1">NULL</span>;
<a href="#989" id="989" class="l"> 989: </a>                    <span class="php-keyword1">return</span> <span class="php-var">$null</span>;
<a href="#990" id="990" class="l"> 990: </a>                }
<a href="#991" id="991" class="l"> 991: </a>                <span class="php-var">$visitor</span>[<span class="php-quote">'allRoles'</span>][<span class="php-quote">'byPrivilege'</span>] = <span class="php-keyword1">array</span>();
<a href="#992" id="992" class="l"> 992: </a>            }
<a href="#993" id="993" class="l"> 993: </a>            <span class="php-keyword1">return</span> <span class="php-var">$visitor</span>[<span class="php-quote">'allRoles'</span>];
<a href="#994" id="994" class="l"> 994: </a>        }
<a href="#995" id="995" class="l"> 995: </a>
<a href="#996" id="996" class="l"> 996: </a>        <span class="php-keyword1">if</span> (!<span class="php-keyword1">isset</span>(<span class="php-var">$visitor</span>[<span class="php-quote">'byRole'</span>][<span class="php-var">$role</span>])) {
<a href="#997" id="997" class="l"> 997: </a>            <span class="php-keyword1">if</span> (!<span class="php-var">$create</span>) {
<a href="#998" id="998" class="l"> 998: </a>                <span class="php-var">$null</span> = <span class="php-keyword1">NULL</span>;
<a href="#999" id="999" class="l"> 999: </a>                <span class="php-keyword1">return</span> <span class="php-var">$null</span>;
<a href="#1000" id="1000" class="l">1000: </a>            }
<a href="#1001" id="1001" class="l">1001: </a>            <span class="php-var">$visitor</span>[<span class="php-quote">'byRole'</span>][<span class="php-var">$role</span>][<span class="php-quote">'byPrivilege'</span>] = <span class="php-keyword1">array</span>();
<a href="#1002" id="1002" class="l">1002: </a>        }
<a href="#1003" id="1003" class="l">1003: </a>
<a href="#1004" id="1004" class="l">1004: </a>        <span class="php-keyword1">return</span> <span class="php-var">$visitor</span>[<span class="php-quote">'byRole'</span>][<span class="php-var">$role</span>];
<a href="#1005" id="1005" class="l">1005: </a>    }
<a href="#1006" id="1006" class="l">1006: </a>
<a href="#1007" id="1007" class="l">1007: </a>}
<a href="#1008" id="1008" class="l">1008: </a></code></pre>

	<div id="footer">
		Nette Framework API documentation generated by <a href="http://apigen.org">ApiGen</a>
	</div>
</div>
</body>
</html>
